Nothing. People fearmonger
Comment on Just created my own zero trust network!
dataprolet@lemmy.dbzer0.com 1 day agoWhat’s wrong with exposing Jellyfin to the internet?
smiletolerantly@awful.systems 1 day ago
possiblylinux127@lemmy.zip 1 day ago
You really shouldn’t expose anything directly to the internet. It is a security problem waiting to happen. (Assuming it hasn’t already)
This is how giant botnets form.
dataprolet@lemmy.dbzer0.com 1 day ago
What security problems?
sugar_in_your_tea@sh.itjust.works 1 day ago
Bots randomly attack stuff, and if you leave something insecure, they’ll install a bot net node.
mic_check_one_two@lemmy.dbzer0.com 1 day ago
There are a few security issues with it, but all of the worst known issues require a valid login token. So an attacker would already need to have valid login credentials before they could actually do anything bad. Things like being able to stream video without authentication (but it requires already having a list of the stored media on the server, which means you have been logged in before). Or being able to change other users’ settings (but it requires already being logged in to a valid user).
Dhs92@piefed.social 1 day ago
The bug you mentioned actually just requires the attacker knows your local media paths to generate the hash. The issue is that most people use trash guides to setup *arr which means they probably have the same paths for everything