CVE-2023-51697

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 27, 2023
Updated: Jan 5, 2024
CWE ID 918

Summary

CVE-2023-51697 is a newly identified vulnerability affecting the self-hosted audiobook and podcast server, Audiobookshelf. Prior to version 2.7.0, the server was susceptible to an unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability residing in `podcastUtils.js`. This issue allows remote attackers to send malicious HTTP requests to the server, potentially leading to unauthorized data access or server manipulation. The vulnerability has been rectified in the latest version, and no known workarounds are available for older versions. Users are strongly encouraged to update their Audiobookshelf installations to version 2.7.0 or later to mitigate this risk.
