Arbitrary File Read and Delete Vulnerability in Audiobookshelf 2.4.3 and Prior

Arbitrary File Read and Delete Vulnerability in Audiobookshelf 2.4.3 and Prior

CVE-2023-47619 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.

Learn more about our Cis Benchmark Audit For Server Software.