Unauthenticated Blind SSRF Vulnerability in Audiobookshelf

Unauthenticated Blind SSRF Vulnerability in Audiobookshelf

CVE-2023-51665 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.