CVE-2024-35236

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35236
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d
https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319
https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664
https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg
Configurations

No configuration.

History

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. Antes de la versión 2.10.0, abrir un libro electrónico con scripts maliciosos en su interior provocaba la ejecución del código dentro del contexto de navegación. Atacar a un usuario con altos privilegios (carga, creación de librerías) puede provocar la ejecución remota de código (RCE) en el peor de los casos. Esto se probó en la versión 2.9.0 en Windows, pero una escritura de archivo arbitraria es lo suficientemente potente como está y debería conducir fácilmente a RCE también en Linux. La versión 2.10.0 contiene un parche para la vulnerabilidad.

27 May 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-27 17:15

Updated : 2024-05-28 12:39

NVD link : CVE-2024-35236

Mitre link : CVE-2024-35236

CVE.ORG link : CVE-2024-35236

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')