Discover the details of CVE-2023-50264, a high-severity vulnerability in Bazarr before 1.3.1 allowing arbitrary file read. Learn the impact, affected systems, and mitigation steps.
This article provides details about CVE-2023-50264, a vulnerability in the Bazarr software before version 1.3.1 that allows for arbitrary file read in the /system/backup/download/ endpoint.
Understanding CVE-2023-50264
This section covers the essential information regarding the vulnerability.
What is CVE-2023-50264?
Bazarr, a tool for managing and downloading subtitles, is impacted by an arbitrary file read vulnerability in the /system/backup/download/ endpoint in the app/ui.py file before version 1.3.1. This flaw allows an attacker to read arbitrary files on the system.
The Impact of CVE-2023-50264
With a CVSS base score of 7.5, this vulnerability poses a high risk to confidentiality.
Technical Details of CVE-2023-50264
Get a deeper understanding of the technical aspects of this security issue.
Vulnerability Description
The vulnerability arises from an improper limitation of a pathname to a restricted directory: the endpoint does not confine the requested file name to its intended directory, which enables path traversal.
Affected Systems and Versions
Bazarr versions before 1.3.1 are affected; the flaw is in the /system/backup/download/ endpoint implemented in app/ui.py.
Exploitation Mechanism
Attackers exploit the lack of validation on the user-controlled filename variable to read arbitrary files on the system.
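The two preceding sections describe the weakness in general terms: a user-controlled file name joined onto a directory without validation. The following example is added here to illustrate that pattern and its fix; it is not Bazarr's code, and the directory layout, file names and function names (unsafe_backup_path, safe_backup_path, is_within, demo) are assumptions made for the illustration. The hardened form accepts only a bare file name and then confirms, after resolving symlinks, that the result still lies inside the backup directory.

```python
import os
import tempfile
from pathlib import Path


def is_within(base: Path, candidate: Path) -> bool:
    """True when the resolved candidate is the resolved base or lies beneath it.

    Comparing resolved paths on both sides means a symlinked base directory
    (for example /var on macOS) does not cause a false rejection."""
    base_r = base.resolve()
    cand_r = candidate.resolve()
    return cand_r == base_r or base_r in cand_r.parents


def unsafe_backup_path(base: Path, filename: str) -> Path:
    """The pattern the advisory describes (hypothetical, for contrast only):
    the user-controlled name is joined onto the backup directory with no
    validation, so any traversal sequence in `filename` resolves outside it."""
    return Path(os.path.join(base, filename))


def safe_backup_path(base: Path, filename: str) -> Path:
    """Hardened form: return the path inside `base` or raise ValueError."""
    # A backup download should only ever name a plain file: reject empty
    # names, the dot entries, and anything containing a path separator.
    if not filename or filename in (".", "..") or os.path.basename(filename) != filename:
        raise ValueError(f"rejected backup file name: {filename!r}")
    candidate = base / filename
    # Second, independent check: containment after resolving symlinks.
    if not is_within(base, candidate):
        raise ValueError(f"path escapes backup directory: {filename!r}")
    return candidate.resolve()


def demo() -> dict:
    """Run both handlers against constructed file names in a temporary
    backup directory and report, per name, whether the unvalidated join
    stays inside the directory and whether the hardened check accepts it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "backup"
        base.mkdir()
        # Constructed sample backup so the legitimate case refers to a real file.
        (base / "bazarr_backup.zip").write_bytes(b"constructed sample")
        results = {}
        for name in ("bazarr_backup.zip", "../outside.txt", "sub/inner.zip", ".."):
            unsafe = unsafe_backup_path(base, name)
            try:
                safe_backup_path(base, name)
                accepted = True
            except ValueError:
                accepted = False
            results[name] = {
                "unsafe_stays_inside": is_within(base, unsafe),
                "safe_accepts": accepted,
            }
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:22} unsafe_stays_inside={outcome['unsafe_stays_inside']} "
              f"safe_accepts={outcome['safe_accepts']}")
```

The basename test alone already rejects every name carrying a separator or a parent reference; the containment check is kept as a second line of defence so that a future change to the name filter cannot silently reopen the traversal.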
Mitigation and Prevention
Learn how to mitigate the risks associated with CVE-2023-50264.
Immediate Steps to Take
Users are advised to update to version 1.3.1 or later to fix this vulnerability.
Long-Term Security Practices
Regularly update software and monitor security advisories to stay protected.
Patching and Updates
Refer to the following resources for patching and updates: