CVE-2023-51697
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-51697 is a newly identified vulnerability affecting the self-hosted audiobook and podcast server, Audiobookshelf. Prior to version 2.7.0, the server was susceptible to an unauthenticated blind Server-Side Request Forgery (SSRF) vulnerability residing in `podcastUtils.js`. This issue allows remote attackers to send malicious HTTP requests to the server, potentially leading to unauthorized data access or server manipulation. The vulnerability has been fixed in version 2.7.0, and no known workarounds are available for older versions. Users are strongly encouraged to update their Audiobookshelf installations to version 2.7.0 or later to mitigate this risk.