Emby Server Proxy Header Spoofing Vulnerability
CVE-2023-33193

9.1CRITICAL

Key Information:

Vendor: EmbySupport
Status: security
Vendor: CVE Published:; 30 May 2023

🔔 Create EmbySupport Vulnerability Alert

What is CVE-2023-33193?

Emby Server, a popular home media server, may be susceptible to an authentication bypass due to improper validation of user account settings. The vulnerability arises when certain headers are spoofed, which can mislead the local/non-local network determination. This may allow unauthorized administrative access without proper password authentication. All publicly accessible Emby Server installations with default or weak settings are at risk, especially if account login configurations have not been reinforced. The issue has been addressed in Emby Server Beta version 4.8.31 and Emby Server version 4.7.12, emphasizing the necessity for regular updates to maintain security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

security < 4.7.12 < 4.7.12

security < 4.8.31 < 4.8.31

References

https://github.com/EmbySupport/security/security/advisori...

x_refsource_CONFIRM

EPSS Score

53% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2023
Vulnerability Reserved
May 17, 2023

JSON

EmbySupport

What is CVE-2023-33193?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.