LOW
The severity rating is LOW because there are no known vulnerabilities specific to this version of Kumiho. Real-world exploitability depends on how it is deployed and on whether the deployment has misconfigurations or dependencies with known vulnerabilities.

Kumiho v0.12.0 is a self-hosted e-book and audiobook server that supports various formats including ZIP, PDF, EPUB, TXT, and Audiobooks. The latest version has improved performance in local scanning and viewer/player functionalities. However, the advisory does not mention any specific vulnerabilities or security issues related to Kumiho v0.12.0. Given its nature as a self-hosted service that potentially handles sensitive user data such as e-books and audiobooks, it's crucial for sysadmins and engineers to ensure proper security measures are in place when deploying this software. This includes securing the server environment where Kumiho is hosted, updating regularly, and configuring access controls appropriately.

Affected Systems
  • Kumiho v0.12.0
Affected Versions: v0.12.0
Remediation
  • Ensure that the Docker container is running the latest version of Kumiho: `docker pull kumiho/kumiho:v0.12.0`.
  • Review and update any dependencies within the Dockerfile to their latest versions.
  • Apply network segmentation around the server where Kumiho runs, limiting access only to trusted sources.
Stack Impact

Minimal direct impact on common homelab stacks, as long as updates are applied regularly and security best practices are followed. Ensure that any web server or reverse proxy configuration in front of Kumiho is secured.
