CVE-2023-27161

Опубликовано: 10 мар. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.

Ссылки

http://jellyfin.com
Broken Link
https://gist.github.com/b33t1e/5c067e0538a0b712dc3d59bd4b9a5952
https://github.com/jellyfin/jellyfin
Product
https://notes.sjtu.edu.cn/s/yJ9lPk09a
Exploit
Third Party Advisory
http://jellyfin.com
Broken Link
https://gist.github.com/b33t1e/5c067e0538a0b712dc3d59bd4b9a5952
https://github.com/jellyfin/jellyfin
Product
https://notes.sjtu.edu.cn/s/yJ9lPk09a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*

Версия до 10.7.7 (включая)

EPSS

Процентиль: 72%

0.00701

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

CVE-2023-27161

CVSS3: 7.5

debian

почти 3 года назад

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...

GHSA-cw4m-8qhc-m96h

CVSS3: 7.5

github

почти 3 года назад

EPSS

Процентиль: 72%

0.00701

Низкий

7.5 High

CVSS3

Дефекты

CWE-918