CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
49.9%
[email protected] reports:
Jellyfin is a free-software media system. Versions starting with
10.8.0 and prior to 10.8.10 and prior have a directory traversal
vulnerability inside the ClientLogController
, specifically
/ClientLog/Document
. When combined with a cross-site scripting
vulnerability (CVE-2023-30627), this can result in file write and
arbitrary code execution. Version 10.8.10 has a patch for this
issue. There are no known workarounds.