Comment on What actual damage do you secure your servers against? Whats the attack vector?
hirihit640@sh.itjust.works 20 hours agoGot it. Access to docker.sock is definitely something to be wary of, or CAP_ADMIN, or access to certain host devices.
Worth mentioning though that Jellyfin usually has none of these.
Also worth mentioning that Linux recently has had two massive privilege escalation vulnerabilities that bypass system namespacing and thus also provide container escapes.