Filtered by vendor Audiobookshelf
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51697 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-11-21 | N/A | 4.3 MEDIUM |
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
CVE-2023-51665 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-11-21 | N/A | 4.3 MEDIUM |
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
CVE-2023-47624 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-11-21 | N/A | 7.5 HIGH |
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | |||||
CVE-2023-47619 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-11-21 | N/A | 8.1 HIGH |
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | |||||
CVE-2024-43797 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-09-13 | N/A | 4.3 MEDIUM |
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. |