Comment on Sharing Jellyfin
skankhunt42@lemmy.ca 1 day ago
Hang on, why not open the port to Jellyfin to the internet?
I have a lifetime Plex pass so it's not urgent, but I have containers running Emby and Jellyfin to check them out. When I decide which one, I planned to open it up and give people logins.
That wouldn’t even be using TLS
Bad idea
Selfhoster1728@infosec.pub 1 day ago
See this issue on their GitHub repo: here
Basically from what I understand there’s loads of unauthenticated API calls, so someone can very easily exploit that.
exu@feditown.com 1 day ago
The main unauthenticated action is video streaming, but an attacker would need to guess the correct ID by chance.
github.com/jellyfin/jellyfin/issues/5415#issuecom…
MaggiWuerze@feddit.org 1 day ago
It’s not chance if the ID is based on the path to your media. There’s only so much variation in the path to a certain movie and it’s trivial to build a rainbow table to try them out. This way unauthenticated users can not only stream from your server but effectively map your library