CVE-2013-7301 - Vulnerability Details - OpenCVE

Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Craig Drummond	Cantata

Configuration 1 [-]

OR	cpe:2.3:a:craig_drummond:cantata::::::::
	cpe:2.3:a:craig_drummond:cantata:0.7.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.7.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.2:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.3:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.3.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.9.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.9.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.9.2:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.2:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.3:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.1.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.1.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.1.2:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.1.3:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.2.0:::::::*

No data.

References

Link	Providers
http://seclists.org/oss-sec/2014/q1/121
http://seclists.org/oss-sec/2014/q1/124
https://code.google.com/p/cantata/issues/detail?id=356

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-02-02T00:00:00

Updated: 2024-08-06T18:01:20.327Z

Reserved: 2014-01-20T00:00:00

Link: CVE-2013-7301

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-02-02T00:55:04.770

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-7301

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-20T00:00:00", "descriptions": [{"lang": "en", "value": "Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-02T00:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/cantata/issues/detail?id=356"}, {"name": "[oss-security] 20140120 Re: CVE request: Cantata vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q1/124"}, {"name": "[oss-security] 20140120 CVE request: Cantata vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q1/121"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7301", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/cantata/issues/detail?id=356", "refsource": "CONFIRM", "url": "https://code.google.com/p/cantata/issues/detail?id=356"}, {"name": "[oss-security] 20140120 Re: CVE request: Cantata vulnerability", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/124"}, {"name": "[oss-security] 20140120 CVE request: Cantata vulnerability", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/121"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.327Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/cantata/issues/detail?id=356"}, {"name": "[oss-security] 20140120 Re: CVE request: Cantata vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q1/124"}, {"name": "[oss-security] 20140120 CVE request: Cantata vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q1/121"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7301", "datePublished": "2014-02-02T00:00:00", "dateReserved": "2014-01-20T00:00:00", "dateUpdated": "2024-08-06T18:01:20.327Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:craig_drummond:cantata:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BCEC906-3CD9-4D31-AD59-952D01EEF01B", "versionEndIncluding": "1.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A2B9A20-1A76-4354-8DB7-98D924B733C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "73D54787-33BC-4132-8D6A-66B2BAF9EB5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F35DE3AA-6AC9-4D4F-8CB6-08DC33F4AFB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7971A1-DE64-4964-9D82-E5900D6E247B", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C044EF1B-3F29-4927-A007-ACC8D1018797", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD740EFA-0578-4D67-A0C6-06631C522F0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB1CAC0C-096A-4412-BE53-4B97683CEA2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5BA73E11-4D8D-4DF7-B829-1CFAC0EFAC50", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4FBBF1C-302E-4092-954B-BA43AE6EC21D", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9336F9C-8300-4BC9-90D0-827D735EBB10", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0284204-FCB5-4A7F-B1B3-5A7BF8907297", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03C45090-F4D5-40AA-A0F7-B2852A0A411F", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F8D1C8DD-B246-45DC-A27B-AED532771184", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6054C983-BB3A-445E-A3A3-D4628A578908", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D7109EE-15CB-4E0B-B89D-A49B6B7B85EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DB719D6-F5F7-4DEB-A1B5-CD117AC71237", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "907A7F53-A572-48CB-B962-46E2D7FCF4A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C05B58D-3F27-4A5A-B9F1-FAD21CA4A059", "vulnerable": true}, {"criteria": "cpe:2.3:a:craig_drummond:cantata:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBDD5472-BD96-4C20-93D5-5FFF5DDB171D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue."}, {"lang": "es", "value": "Cantata anterior a 1.2.2 no restringe el acceso a los archivos en la cola de reproducci\u00f3n, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de las canciones de la cola."}], "id": "CVE-2013-7301", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-02T00:55:04.770", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q1/121"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q1/124"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://code.google.com/p/cantata/issues/detail?id=356"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q1/121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q1/124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://code.google.com/p/cantata/issues/detail?id=356"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}