CVE-2024-31221

MEDIUM EPSS 39.5%
Published Apr 8, 20242y ago · Modified Jun 17, 20261w ago
5.9 CVSS 3.1
Medium
Find Similar
Published Apr 8, 2024 2y ago
Last Modified Jun 17, 2026 1w ago

Description

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.

CVSS Details

Base Score
5.9
Exploitability
1.2
Impact
4.7
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Low
Availability Low

Threat Intelligence

EPSS Exploit Probability
39.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-384

Affected Products 1

VendorProductVersionRange
lizardbytesunshine*≥0.10.0  –  <0.23.0

References 4

  • github.com https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e
    Patch
  • github.com https://github.com/LizardByte/Sunshine/issues/2305
    ExploitIssue Tracking
  • github.com https://github.com/LizardByte/Sunshine/pull/2365
    Issue TrackingPatch
  • github.com https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m
    Vendor Advisory

Remediation

  • github.com https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e
    Patch
  • github.com https://github.com/LizardByte/Sunshine/pull/2365
    Issue TrackingPatch