Lucene search
HistoryMar 10, 2023 - 4:15 p.m.
CVE-2023-27161
jellyfin
ssrf
vulnerability
network resources
post request
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
45.3%
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
Affected configurations
Node
jellyfinjellyfinRange≤10.7.7
Related
cve
cve
CVE-2023-27161
2023-03-10 16:15:11
cnvd
cnvd
Jellyfin suffers from an SSRF vulnerability (CNVD-2023-52831)
2023-04-18 00:00:00
osv
osv
CVE-2023-27161
2023-03-10 16:15:11
prion
prion
Server side request forgery (ssrf)
2023-03-10 16:15:00
cvelist
cvelist
CVE-2023-27161
2023-03-10 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
45.3%
Related for NVD:CVE-2023-27161