CVE-2024-43797

audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*

History

13 Sep 2024, 19:49

Type Values Removed Values Added
CPE cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*
First Time Audiobookshelf audiobookshelf
Audiobookshelf
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 4.3
References () https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1 - () https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1 - Broken Link
References () https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47 - () https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47 - Product
References () https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc - () https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc - Exploit, Mitigation, Vendor Advisory

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) audiobookshelf es un servidor de audiolibros y podcasts autoalojado. A un usuario que no sea administrador no se le permite crear librerías (o acceder solo a aquellas para las que tiene permiso). Sin embargo, a `LibraryController` le falta la verificación para el usuario administrador y, por lo tanto, permite un problema de recorrido de ruta. Permitir que los usuarios que no sean administradores escriban en cualquier directorio del sistema puede verse como una forma de path traversal. Sin embargo, dado que se puede restringir solo a los permisos de administrador, solucionar esto es relativamente simple y cae más en el ámbito del Control de acceso basado en roles (RBAC). Este problema se ha solucionado en la versión de lanzamiento 2.13.0. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.

02 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 18:15

Updated : 2024-09-13 19:49


NVD link : CVE-2024-43797

Mitre link : CVE-2024-43797

CVE.ORG link : CVE-2024-43797


JSON object : View

Products Affected

audiobookshelf

  • audiobookshelf
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')