CVE-2023-47619 - Server-Side Request Forgery (SSRF) vulnerability in Audiobookshelf

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
network
low complexity
audiobookshelf
CWE-918

Summary

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.

Vulnerable Configurations

Part         Description     Count
Application  Audiobookshelf  98

Common Weakness Enumeration (CWE)