Comment on I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

jagged_circle@feddit.nl ⁨1⁩ ⁨week⁩ ago

PluginsController only requires user privileges for potentially sensitive actions

  • Includes, but is not limited to: Listing all plugins on the server without being admin, changing plugin settings, listing plugin settings without being admin. This includes the possibility of retrieving LDAP access credentials without admin privileges.

Outch

source
Sort:hotnewtop