Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica
Cocodapuf@lemmy.world 3 weeks agolist of installed plugins.
Yeah, as you said, that’s a pretty serious security issue. That’s a data leak that explicitly lays out the shape of your attack surface. It tells the attacker exactly what additional software your server is running and if any of it includes known vulnerabilities, the attacker now knows how to gain access.
tyler@programming.dev 2 weeks ago
That only works if the plugins are somehow accessible through an api controller, which as far as I’m aware, is not how jellyfin plugins work. So no, it wouldn’t increase your attack surface at all.