Jellyfin v10.7.7 SSRF Vulnerability: Unauthorized Network Resource Access via /Repositories Component

CVE-2023-27161 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.

Learn more about our Cis Benchmark Audit For Server Software.