PT-2023-30516 · Unknown · Audiobookshelf

Kevin Stubbings +1 · Published 2023-12-13 · Updated 2023-12-19 · CVE-2023-47619

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Audiobookshelf versions 2.4.3 and prior

Description

Audiobookshelf is a self-hosted audiobook and podcast server. Users with the update permission can read arbitrary files, delete arbitrary files, and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure.

Recommendations

For versions 2.4.3 and prior, as a temporary workaround, consider restricting the update permission to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-47619

Affected Products

Audiobookshelf