Jellyfin.Aribitrary.File.Read

Description

Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, well-crafted requests to certain endpoints allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk.

Affected Products

Jellyfin before version 10.7.1

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://jellyfin.org

Version Updates

Date Version Status Detail
2024-11-06 1.00057 New