3 matches found
Design/Logic Flaw
Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host...
CVE-2023-32322
CVE-2023-32322 affects Ombi versions prior to 4.38.2. The vulnerability is an arbitrary file read in the SystemControllers.cs endpoints ReadLogFile and Download, caused by improper sanitization of the logFileName parameter used with Path.Combine. Attackers could escape directories with ".." or su...
CVE-2023-32322 Arbitrary file read in Ombi
Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host...