CVE-2023-50265

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 15, 2023

Updated: Dec 19, 2023

CWE ID 22

Summary

CVE-2023-50265 is a vulnerability affecting the subtitle manager Bazarr. Before version 1.3.1, the application's /api/swaggerui/static endpoint in ui.py fails to validate user-controlled filename variables used in the send_file function, allowing for arbitrary file reading on the system. This issue poses a significant security risk, as it enables unauthorized access to sensitive files. Users are strongly encouraged to update to version 1.3.1 to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tsu5ER
https://www.cve.org/CVERecord?id=CVE-2023-50265
https://nvd.nist.gov/vuln/detail/CVE-2023-50265

Back to Vulnerability Database

CVE-2023-50265

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations