CVE-2023-47624

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 13, 2023

Updated: Dec 19, 2023

CWE ID 22

Summary

CVE-2023-47624 is a path traversal vulnerability affecting Audiobookshelf, a self-hosted audiobook and podcast server. Versions 2.4.3 and prior are vulnerable, allowing any user, regardless of their permissions, to potentially read files from the local file system through the `/hls` endpoint. This vulnerability may result in information disclosure, and currently, there are no available patches to address the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tT7Y69
https://www.cve.org/CVERecord?id=CVE-2023-47624
https://nvd.nist.gov/vuln/detail/CVE-2023-47624

Back to Vulnerability Database

CVE-2023-47624

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations