Arbitrary File Read and Delete Vulnerability in Audiobookshelf 2.4.3 and Prior
CVE-2023-47619 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.
Learn more about our Cis Benchmark Audit For Server Software.