Vulnerability Description
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Audiobookshelf | Audiobookshelf | <= 2.4.3 |
References
- https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf… (Product)
- https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobooks… (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-47619?
CVE-2023-47619 is a vulnerability with a CVSS score of 8.1 (HIGH). Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET requ...
How severe is CVE-2023-47619?
CVE-2023-47619 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-47619?
Check the references section above for vendor advisories and patch information. Affected products include: Audiobookshelf Audiobookshelf.