Back

CVE-2024-43797

Sept. 2, 2024, 6:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

audiobookshelf

  • 2.13.0 and above

Source

security-advisories@github.com

Tags

security-advisories@github.com
CWE-22
2024-09-02
CVE-2024-43797

CVE-2024-43797 details

Published : Sept. 2, 2024, 6:15 p.m.
Last Modified : Sept. 2, 2024, 6:15 p.m.

Description

audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

1 2 3 4 5 6.3 7 8 9 10

Weakness

Weakness Name Description
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.3

Exploitability Score

2.8

Impact Score

3.4

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

URL Source
https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1 security-advisories@github.com
https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47 security-advisories@github.com
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.