CVE-2019-19833
published 2019-12-18


Priority: P3 47
Severity: medium, 6.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H

Exploit
EPSS: 14.71% (96.2nd percentile)
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).

Affected

1 range
Vendor    Product    Version range    Fixed in
tautulli  tautulli   (not stated)     (not stated)

Detection & IOCs (extracted from sources)

url: /shutdown
version: Tautulli 2.1.9
  • Monitor for unauthenticated or cross-origin HTTP requests to the /shutdown endpoint on Tautulli instances.
  • Alert on anonymous access attempts to Tautulli endpoints, particularly /shutdown, in applications lacking a user login area.
  • Detect HTTP requests targeting the /shutdown URL on Tautulli servers, especially from unexpected or external referrers (CSRF vector).
  • The vulnerability affects Tautulli 2.1.9 and prior; ensure version scope is confirmed before applying detections.
  • Anonymous access exploitation is only possible in Tautulli deployments that do not have a user login area configured.

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     6.5    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd     v2.0     4.3    MEDIUM    AV:N/AC:M/Au:N/C:N/I:N/A:P