Unrestricted Server Restart Vulnerability
A vulnerability in version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint. This issue was patched in a subsequent release.
Available publicly on Jul 10 2024
Threat Overview
The vulnerability allows any user to restart the server without any restrictions on the frequency. This can lead to significant service disruption, data loss, and potential system compromise. The ability to restart the server at will undermines the stability and reliability of the service, posing a serious risk to both the system and its users.
Attack Scenario
An attacker could exploit this vulnerability by sending repeated requests to the /queue/join? endpoint with the fn_index set to 66. This would cause the server to restart continuously, leading to service disruption, potential data loss, and a compromised system environment.
Who is affected
All users and administrators of the affected version (20240410) are impacted by this vulnerability. This includes any environment where the server is deployed and accessible.
Technical Report
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.