Vulnerabilities > CVE-2023-27161 - Server-Side Request Forgery (SSRF) vulnerability in Jellyfin

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jellyfin
CWE-918

Summary

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.

Common Weakness Enumeration (CWE)