Published: 23/03/2021 Updated: 27/03/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well-crafted requests allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem; however, it is recommended to update as soon as possible.


Vulnerable Products

jellyfin jellyfin

Github Repositories

CVE-2021-21402: The Jellyfin system has an arbitrary file read vulnerability. Vulnerability ID: CVE-2021-21402. Tool usage: python3 CVE-2021-21402.py -u 127.0.0.1:1111 (test a single URL); python3 CVE-2021-21402.py -f url.txt (batch check). Exploit usage. Test target. Disclaimer: any direct or indirect consequences and losses caused by disseminating or using the information provided in this article are borne by the user

jiaocoll-CVE-2021-21402-Jellyfin jiaocoll/CVE-2021-21402-Jellyfin This POC is for learning and exchange only; I accept no responsibility for any consequences arising from it.

CVE-2021-21402-Jellyfin-arbitrary-file-read This POC is for learning and exchange only; I accept no responsibility for any consequences arising from it.