Or switch to Jellyfin y’know
The flaw’s CVSS score is the highest possible, and tells us that it can be exploited remotely over the internet, without user interaction or attackers having to authenticate first.
Or switch to Jellyfin y’know
The flaw’s CVSS score is the highest possible, and tells us that it can be exploited remotely over the internet, without user interaction or attackers having to authenticate first.
daaaamn but you have to have your server accessible to the internet right?
It looks like it yes, so anyone using the remote feature would be at risk. If its firewalled off and only accessible locally I can’t imagine how an attacker could do anything.
ya i know it phones home to plex and thought maybe this exploit could take advantage of that even if you hadn’t enabled “remote” access, but that’s probably unlikely
The exploit is currently private so we really just don’t know yet, looking forward to seeing what it is tbh