Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-30626
CVE-2023-30626:
C# vulnerability analysis and mitigation
Overview
CVE-2023-30626 is a directory traversal vulnerability discovered in Jellyfin, a free-software media system. The vulnerability affects versions starting with 10.8.0 and prior to 10.8.10, specifically in the ClientLogController component at the /ClientLog/Document endpoint. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this vulnerability could lead to file write capabilities and arbitrary code execution (GitHub Advisory).
Technical details
The vulnerability exists in the ClientLogController where the GetRequestInformation method retrieves client name and version from the HttpContext.User object. These attacker-controlled values are interpolated into a string used in Path.Combine(), enabling directory traversal. The vulnerability has a CVSS v3.1 Base Score of 8.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N according to NVD assessment (NVD).
Impact
When exploited, an attacker can write files with controlled content to arbitrary locations on the filesystem. While the resulting files always end with '.log' extension, this can still be leveraged for malicious purposes. On Linux systems running as root in a container, the impact could be more severe as it allows writing to any location. When combined with CVE-2023-30627, this vulnerability enables remote code execution with the privileges of the user running Jellyfin (GitHub Advisory).
Mitigation and workarounds
The vulnerability has been patched in Jellyfin version 10.8.10. The fix includes adding path traversal checks in the WriteDocumentAsync method. There are no known workarounds, and it is critical for all Jellyfin administrators to upgrade to version 10.8.10, especially if they allow untrusted users or expose their instance to the Internet (Jellyfin Release).
Community reactions
The release of version 10.8.10 received significant attention from the community, with over 80 users reacting to the release announcement on GitHub. The security fix was marked as a CRITICAL SECURITY ADVISORY in the release notes, emphasizing the severity of the vulnerability (Jellyfin Release).
Additional resources
Source: This report was generated using AI
Related C# vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management