CVE-2023-48702

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 13, 2023
Updated: Dec 18, 2023
CWE ID 77

Summary

CVE-2023-48702 is a vulnerability affecting Jellyfin, a media management and streaming system. Before version 10.8.13, the `/System/MediaEncoder/Path` endpoint contained a flaw that allowed an arbitrary file execution. Malicious administrators could exploit this vulnerability by setting up a network share and supplying a UNC path to the endpoint, causing Jellyfin to execute an unintended executable located on the network share in the local context. This issue was rectified in version 10.8.13, with the removal of the vulnerable endpoint.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share