Jellyfin security issues #183

New issue

Closed

opened 2022-08-26 01:08:22 +00:00 by a · 3 comments

a commented

2022-08-26 01:08:22 +00:00

Owner

@ersei sent a long list of Jellyfin security issues in the exozyme #general channel https://github.com/jellyfin/jellyfin/issues/5415

Unfortunately, the LDAP credentials leakage issue is particularly serious since you can use those credentials to do some very damaging things like accessing other user accounts. For now, we will probably have to just completely disable Jellyfin until this issue is fixed.

The other issues are also bad, but not as catastrophic as this one.

One of the comments blamed this all on Emby's bad coding, so 🤷.

Since we have a long history of helping and contributing to upstream, does anyone want to try solving these issues and helping out Jellyfin? I'm pretty sure there are many other people who aren't aware of Jellyfin's poor security and are exposing it to the internet, so we could make a decent impact here.

@ersei sent a long list of Jellyfin security issues in the exozyme #general channel https://github.com/jellyfin/jellyfin/issues/5415 Unfortunately, the LDAP credentials leakage issue is particularly serious since you can use those credentials to do some very damaging things like accessing other user accounts. For now, we will probably have to just completely disable Jellyfin until this issue is fixed. The other issues are also bad, but not as catastrophic as this one. One of the comments blamed this all on Emby's bad coding, so 🤷. Since we have a long history of helping and contributing to upstream, does anyone want to try solving these issues and helping out Jellyfin? I'm pretty sure there are many other people who aren't aware of Jellyfin's poor security and are exposing it to the internet, so we could make a decent impact here.