{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43797", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-16T14:20:37.325Z", "datePublished": "2024-09-02T16:21:07.372Z", "dateUpdated": "2024-09-03T14:18:32.336Z"}, "containers": {"cna": {"title": "Path Traversal in audiobookshelf", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc"}, {"name": "https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1", "tags": ["x_refsource_MISC"], "url": "https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1"}, {"name": "https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47", "tags": ["x_refsource_MISC"], "url": "https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47"}], "affected": [{"vendor": "advplyr", "product": "audiobookshelf", "versions": [{"version": "< 2.13.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-02T16:21:07.372Z"}, "descriptions": [{"lang": "en", "value": "audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-gg56-vj58-g5mc", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "advplyr", "product": "audiobookshelf", "cpes": ["cpe:2.3:a:advplyr:audiobookshelf:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.13.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T13:51:47.038623Z", "id": "CVE-2024-43797", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T14:18:32.336Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Path Traversal in audiobookshelf", "source": {"advisory": "GHSA-gg56-vj58-g5mc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "advplyr", "product": "audiobookshelf", "versions": [{"status": "affected", "version": "< 2.13.0"}]}], "references": [{"url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc", "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1", "name": "https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47", "name": "https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-02T16:21:07.372Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43797", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T13:51:47.038623Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:advplyr:audiobookshelf:*:*:*:*:*:*:*:*"], "vendor": "advplyr", "product": "audiobookshelf", "versions": [{"status": "affected", "version": "0", "lessThan": "2.13.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-03T14:18:17.511Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-43797", "state": "PUBLISHED", "dateUpdated": "2024-09-02T16:21:07.372Z", "dateReserved": "2024-08-16T14:20:37.325Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-02T16:21:07.372Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFCDB8A1-E970-407C-AEB5-C0C1C30E505F", "versionEndExcluding": "2.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "audiobookshelf es un servidor de audiolibros y podcasts autoalojado. A un usuario que no sea administrador no se le permite crear librer\u00edas (o acceder solo a aquellas para las que tiene permiso). Sin embargo, a `LibraryController` le falta la verificaci\u00f3n para el usuario administrador y, por lo tanto, permite un problema de recorrido de ruta. Permitir que los usuarios que no sean administradores escriban en cualquier directorio del sistema puede verse como una forma de path traversal. Sin embargo, dado que se puede restringir solo a los permisos de administrador, solucionar esto es relativamente simple y cae m\u00e1s en el \u00e1mbito del Control de acceso basado en roles (RBAC). Este problema se ha solucionado en la versi\u00f3n de lanzamiento 2.13.0. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-43797", "lastModified": "2024-09-13T19:49:33.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-02T18:15:36.073", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/advplyr/audiobookshelf-ghsa-gg56-vj58-g5mc/pull/1"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/advplyr/audiobookshelf/blob/1c0d6e9c670ebb1b6f1e427a4c4d9250a7fb9b80/server/controllers/LibraryController.js#L43-L47"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}