Home > Vulnerability Database > CVE-2024-31221

Mend.io Vulnerability Database

CVE-2024-31221

Date: April 8, 2024

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.

Language: C++

Severity Score

5.9

Related Resources (6)

Url: https://github.com/LizardByte/Sunshine/issues/2305

Url: https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e

Url: https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31221

Url: https://github.com/LizardByte/Sunshine/pull/2365

Url: https://www.mend.io/vulnerability-database/CVE-2024-31221

Severity Score

5.9

Weakness Type (CWE)

Session Fixation

CWE-384

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31221

Date: April 8, 2024

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?