CVE-2024-53995 Scanner - Open Redirect vulnerability in SickChill
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 11 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox
SickChill is an open-source personal video recorder (PVR) application designed to automate the process of importing and organizing television shows. It is widely used by individuals who manage media collections with a focus on collecting TV series episodes. Users primarily install SickChill on their home servers to streamline show tracking and episode downloads. The application interfaces with third-party services such as torrent or Usenet indexers to fetch show metadata and media files. Being open-source, it attracts hobbyists and tech-savvy users interested in customizing their media experience. Its intuitive interface and robust functionality make it a popular choice for home media enthusiasts.
The Open Redirect vulnerability in SickChill arises from improper validation of the "next" parameter in the login endpoint. This oversight allows authenticated attackers to redirect users to arbitrary external sites. This type of vulnerability can lead to phishing attacks and unauthorized information disclosure if exploited maliciously. SickChill's exposure to open redirects was addressed in a specific commit that ensures redirection leads to a default page, bolstering user safety. The vulnerability, tracked as CVE-2024-53995, serves as a critical reminder of the importance of validating user inputs thoroughly. By addressing this flaw, developers can safeguard users against potential exploits targeting this weakness.
The technical specifics of the vulnerability involve the "next" parameter at the login endpoint of SickChill, which previously accepted any URL without restriction. An attacker could place a malicious URL in this parameter and so control where users are redirected after authentication. A fix was implemented in a specific commit, ensuring that redirects default to a safe page. This was crucial in curbing the possibility of malicious redirections. Despite its low CVSS ranking, the vulnerability's reach is concerning, as it can lead users to disclose information or be compromised via the phishing sites they are redirected to. Authenticated attackers can manipulate session activity by capitalizing on the redirect functionality.
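As an added illustration (not SickChill's code and not the project's actual patch), the sketch below contrasts the unrestricted handling of "next" described above with a validator that falls back to a default page. The function names, the /home/ default path and the sample values are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

DEFAULT_REDIRECT = "/home/"  # assumed default landing page (hypothetical path)


def unsafe_next_target(next_param, default=DEFAULT_REDIRECT):
    """Behaviour the page describes before the fix: any URL is accepted."""
    return next_param or default


def safe_next_target(next_param, default=DEFAULT_REDIRECT):
    """Return next_param only if it is a same-site absolute path, else default."""
    if not next_param:
        return default
    # Browsers treat "\" like "/" and drop tab/CR/LF inside URLs, so values
    # containing them can resolve to another host even if they look local.
    if "\\" in next_param:
        return default
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_param):
        return default
    # Require a single leading slash: "//host/..." is scheme-relative and
    # anything not starting with "/" may carry a scheme or be path-relative.
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    try:
        parts = urlsplit(next_param)
    except ValueError:
        return default
    # Defence in depth: a local path has neither scheme nor network location.
    if parts.scheme or parts.netloc:
        return default
    return next_param


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    samples = [
        "/home/displayShow?show=1",
        "https://phish.example/login",
        "//phish.example/login",
        "/\\phish.example/login",
        "/\t/phish.example/login",
        "",
    ]
    for value in samples:
        print(repr(value), "->", safe_next_target(value))
```

The login handler would pass the returned value to its redirect call, so a rejected "next" value silently lands on the default page.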
If exploited, this vulnerability could lead to a variety of serious issues. Users might be redirected to phishing sites where their credentials could be harvested. Additionally, it may lead to unauthorized data exposure if attackers direct users to malicious endpoints designed to capture sensitive information. Redirects can compromise user trust in the application, negatively impacting the service's reputation. The vulnerability makes it possible for attackers to conduct social engineering attacks. Ultimately, the unchecked use of redirections without safe defaults risks significant user impact and erodes the security model's assumptions.
REFERENCES
- https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/
- https://vulnerabletarget.com/VT-2024-53995
- https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33
- https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82
- https://github.com/SickChill/sickchill/pull/8811
- https://nvd.nist.gov/vuln/detail/CVE-2024-53995