Comment on That's all folks, Plex is starting to charge for sharing
Dave@lemmy.nz 1 week agoCheers for that. Many of these issues allow a user to do admin actions if they do the right things, so it seems you should never allow a user that you don’t fully trust to have an account.
But outside of this, there isn’t anything in there that on its own worries me given the nature of the platform (that is, that if it all burnt down I could retrieve all data from other sources). I’m no expert but a cursory look shows a bunch of potential issues that may be layered with other issues but no clear attack path except with prior knowledge.
These should obviously be fixed but there’s nothing that makes me want to rip my server off the open internet in a hurry.
Zeoic@lemmy.world 1 week ago
Seems trivial to me for someone to guess file paths and use those to confirm if specific content is on a jellyfin server. With how prevalent things like docker and sonarr are, filepaths are pretty standardized these days. I wouldn’t trust JF without a VPN
Dave@lemmy.nz 6 days ago
I guess my position is that I am not worried about someone confirming content exists on my server. But I don’t live in the US, if I did I might be more worried. I also geofence to my country to limit exposure.