Vulnerability Description
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of the time of publication, no patches are available.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Audiobookshelf | Audiobookshelf | <= 2.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf (Product)
- https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobooks (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-47624?
CVE-2023-47624 is a vulnerability with a CVSS score of 7.5 (HIGH). Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path...
How severe is CVE-2023-47624?
CVE-2023-47624 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-47624?
Check the references section above for vendor advisories and patch information. Affected products: Audiobookshelf (vendor Audiobookshelf), versions 2.4.3 and prior.