CVE-2023-30626

HIGH

Exploit for OS Command Injection in Motioneye_Project Motioneye

Details

CVSS v3: 8.8
NVD published: 2023-04-24 21:15:09
EPSS: 1.0% probability · 76.7th percentile — 2026-03-13
Affected versions: cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*
Summary: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.
Remediation: Not available in our cache.
Exploit info: https://github.com/jellyfin/jellyfin/blob/22d880662283980dec994cd7d35fe269613bfce3/Jellyfin.Api/Controllers/ClientLogController.cs#L44 https://github.com/jellyfin/jellyfin/security/advisories/GHSA-9p5f-5x8v-x65m

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.