CVE-2023-48702
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Dec 13, 2023
Updated: Dec 18, 2023
CWE ID 77
Summary
CVE-2023-48702 is a vulnerability affecting Jellyfin, a media management and streaming system. Before version 10.8.13, the `/System/MediaEncoder/Path` endpoint contained a flaw that allowed an arbitrary file execution. Malicious administrators could exploit this vulnerability by setting up a network share and supplying a UNC path to the endpoint, causing Jellyfin to execute an unintended executable located on the network share in the local context. This issue was rectified in version 10.8.13, with the removal of the vulnerable endpoint.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Jellyfin ID