All the vulnerabilities related to advplyr - audiobookshelf
cve-2023-51665
Vulnerability from cvelistv5
Published
2023-12-27 17:26
Modified
2024-08-02 22:40
Summary
Audiobookshelf vulnerable to Blind SSRF in `Auth.js`
References
▼ | URL | Tags |
---|---|---|
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg | x_refsource_CONFIRM | |
https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003c 2.7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. 
There are no known workarounds for this vulnerability.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-27T17:26:57.166Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82" } ], "source": { "advisory": "GHSA-gjgj-98v3-47pg", "discovery": "UNKNOWN" }, "title": "Audiobookshelf vulnerable to Blind SSRF in `Auth.js`" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-51665", "datePublished": "2023-12-27T17:26:57.166Z", "dateReserved": "2023-12-21T14:14:26.224Z", "dateUpdated": "2024-08-02T22:40:34.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51697
Vulnerability from cvelistv5
Published
2023-12-27 17:26
Modified
2024-08-02 22:40
Summary
Audiobookshelf vulnerable to Blind SSRF in `podcastUtils.js`
References
▼ | URL | Tags |
---|---|---|
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7 | x_refsource_CONFIRM | |
https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003c 2.7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. 
There are no known workarounds for this vulnerability.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-27T17:26:54.876Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64" } ], "source": { "advisory": "GHSA-jhjx-c3wx-q2x7", "discovery": "UNKNOWN" }, "title": "Audiobookshelf vulnerable to Blind SSRF in `podcastUtils.js`" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-51697", "datePublished": "2023-12-27T17:26:54.876Z", "dateReserved": "2023-12-21T21:32:12.991Z", "dateUpdated": "2024-08-02T22:40:34.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-25205
Vulnerability from cvelistv5
Published
2025-02-12 18:16
Modified
2025-02-13 14:14
Summary
Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
References
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25205", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-13T14:13:30.123643Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-13T14:14:25.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003e= 2.17.0, \u003c 2.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like \"/api/items/1/cover\" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-202", "description": "CWE-202: Exposure of Sensitive Information Through Data Queries", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-12T18:16:01.326Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-pg8v-5jcv-wrvw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-pg8v-5jcv-wrvw" }, { "name": "https://github.com/advplyr/audiobookshelf/pull/3584", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/pull/3584" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/bf8407274e3ee300af1927ee660d078a7a801e1c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/commit/bf8407274e3ee300af1927ee660d078a7a801e1c" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/ec6537656925a43871b07cfee12c9f383844d224", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/commit/ec6537656925a43871b07cfee12c9f383844d224" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/1a3d70d04100924d41391acb55bd8ddca486a4fa/server/Auth.js#L17-L41", "tags": [ "x_refsource_MISC" 
], "url": "https://github.com/advplyr/audiobookshelf/blob/1a3d70d04100924d41391acb55bd8ddca486a4fa/server/Auth.js#L17-L41" } ], "source": { "advisory": "GHSA-pg8v-5jcv-wrvw", "discovery": "UNKNOWN" }, "title": "Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-25205", "datePublished": "2025-02-12T18:16:01.326Z", "dateReserved": "2025-02-03T19:30:53.401Z", "dateUpdated": "2025-02-13T14:14:25.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-46338
Vulnerability from cvelistv5
Published
2025-04-29 04:34
Modified
2025-04-29 13:37
Summary
Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload
References
▼ | URL | Tags |
---|---|---|
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-47g3-c5hx-2q3w | x_refsource_CONFIRM | |
https://github.com/advplyr/audiobookshelf/commit/35870a01583b2947030f4e3d4ac769c3ff298386 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-46338", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-29T13:35:58.102544Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-29T13:37:57.632Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003c 2.21.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server\u2019s error message, enabling arbitrary JavaScript execution in a victim\u0027s browser. This issue has been patched in version 2.21.0." 
} ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-29T04:34:44.713Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-47g3-c5hx-2q3w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-47g3-c5hx-2q3w" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/35870a01583b2947030f4e3d4ac769c3ff298386", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/commit/35870a01583b2947030f4e3d4ac769c3ff298386" } ], "source": { "advisory": "GHSA-47g3-c5hx-2q3w", "discovery": "UNKNOWN" }, "title": "Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-46338", "datePublished": "2025-04-29T04:34:44.713Z", "dateReserved": "2025-04-22T22:41:54.912Z", "dateUpdated": "2025-04-29T13:37:57.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47619
Vulnerability from cvelistv5
Published
2023-12-13 21:02
Modified
2024-08-02 21:09
Summary
Audiobookshelf Server-Side Request Forgery and Arbitrary File Read Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:37.489Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003c= 2.4.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T21:06:36.271Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/", "tags": [ "x_refsource_CONFIRM" ], "url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66" } ], "source": { "advisory": "GHSA-m2gq-53r2-74fm", "discovery": "UNKNOWN" }, "title": "Audiobookshelf Server-Side Request Forgery and Arbitrary File Read Vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-47619", "datePublished": "2023-12-13T21:02:34.389Z", "dateReserved": "2023-11-07T16:57:49.243Z", "dateUpdated": "2024-08-02T21:09:37.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43797
Vulnerability from cvelistv5
Published
2024-09-02 16:21
Modified
2024-09-03 14:18
Summary
Path Traversal in audiobookshelf
References
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:advplyr:audiobookshelf:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "lessThan": "2.13.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-43797", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T13:51:47.038623Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T14:18:32.336Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003c 2.13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (and may only access the ones they have permission to). However, the `LibraryController` is missing the check for an admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-02T16:21:07.372Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc" }, { "name": "https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47" } ], "source": { "advisory": "GHSA-gg56-vj58-g5mc", "discovery": "UNKNOWN" }, "title": "Path Traversal in audiobookshelf" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-43797", "datePublished": "2024-09-02T16:21:07.372Z", "dateReserved": "2024-08-16T14:20:37.325Z", "dateUpdated": "2024-09-03T14:18:32.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35236
Vulnerability from cvelistv5
Published
2024-05-27 17:03
Modified
2024-08-02 03:07
Summary
Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks
References
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:advplyr:audiobookshelf:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "lessThan": "2.10.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-35236", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T15:23:00.670611Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T15:22:30.443Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664" }, { "name": "https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319" }, { "name": "https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003c 2.10.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-27T17:03:46.175Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg" }, { "name": "https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664" }, { "name": "https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319" }, { "name": "https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0" } ], "source": { 
"advisory": "GHSA-7j99-76cj-q9pg", "discovery": "UNKNOWN" }, "title": "Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-35236", "datePublished": "2024-05-27T17:03:46.175Z", "dateReserved": "2024-05-14T15:39:41.785Z", "dateUpdated": "2024-08-02T03:07:46.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47624
Vulnerability from cvelistv5
Published
2023-12-13 21:09
Modified
2024-08-02 21:16
Summary
Audiobookshelf Arbitrary File Read Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
advplyr | audiobookshelf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:16:42.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "audiobookshelf", "vendor": "advplyr", "versions": [ { "status": "affected", "version": "\u003c= 2.4.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T21:09:00.688Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/", "tags": [ "x_refsource_CONFIRM" ], "url": "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/" }, { "name": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32" } ], "source": { "advisory": "GHSA-x2hg-g7vw-258q", "discovery": "UNKNOWN" }, "title": "Audiobookshelf Arbitrary File Read Vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-47624", "datePublished": "2023-12-13T21:09:00.688Z", "dateReserved": "2023-11-07T16:57:49.243Z", "dateUpdated": "2024-08-02T21:16:42.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }