Skip to main content

Audiobookshelf CVE-2023-47619

MEDIUM
Information Exposure (CWE-200)
2023-12-13 security-advisories@github.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 13, 2023 - 21:15 nvd
MEDIUM 6.5

DescriptionNVD

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.

AnalysisAI

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. Affected products include: Audiobookshelf.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2025-25205 HIGH POC
8.2 Feb 12

Audiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 8.2), this vulnerability is remo

CVE-2025-46338 MEDIUM POC
6.9 Apr 29

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.9), this vulnerability is re

CVE-2023-47624 MEDIUM POC
6.5 Dec 13

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is re

CVE-2026-27963 MEDIUM POC
4.8 Feb 26

Stored XSS in Audiobookshelf prior to version 2.32.0 enables privileged users to inject malicious code into library meta

CVE-2024-35236 MEDIUM POC
4.8 May 27

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.8), this vulnerability is re

CVE-2024-43797 MEDIUM POC
4.3 Sep 02

audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.3), this vulnerability is re

CVE-2023-51697 HIGH
7.5 Dec 27

Audiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2023-51665 HIGH
7.5 Dec 27

Audiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2026-42888 MEDIUM
6.9 May 11

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/c

CVE-2026-42883 MEDIUM
6.5 May 11

Authenticated users with download permissions in Audiobookshelf prior to 2.32.2 can download files from libraries they d

CVE-2026-42886 MEDIUM
4.9 May 11

Denial-of-service in Audiobookshelf prior to version 2.32.2 allows authenticated admin users to crash the server by uplo

CVE-2026-42887 MEDIUM
4.5 May 11

Stored cross-site scripting (XSS) in Audiobookshelf prior to 2.33.0 allows authenticated administrators to inject malici

Share

CVE-2023-47619 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy