Vulnerabilities > CVE-2023-51697 - Server-Side Request Forgery (SSRF) vulnerability in Audiobookshelf

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
audiobookshelf
CWE-918

Summary

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Audiobookshelf
101

Common Weakness Enumeration (CWE)