CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29490 – Unauthenticated GET requests through Remote Image endpoints
https://notcve.org/view.php?id=CVE-2021-29490
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP `GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10.7.3. As a workaround, disable external access to the API endpoints `/Items/*/RemoteImages/Download`, `/Items/RemoteSearch/Image` and `/Images/Remote` via reverse proxy, or limit to known-friendly IPs. • https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.7EPSS: 22%CPEs: 1EXPL: 3CVE-2021-21402 – Unauthenticated Arbitrary File Access in Jellyfin
https://notcve.org/view.php?id=CVE-2021-21402
Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. • https://github.com/givemefivw/CVE-2021-21402 https://github.com/somatrasss/CVE-2021-21402 https://github.com/jiaocoll/CVE-2021-21402-Jellyfin https://github.com/jellyfin/jellyfin/commit/0183ef8e89195f420c48d2600bc0b72f6d3a7fd7 https://github.com/jellyfin/jellyfin/releases/tag/v10.7.1 https://github.com/jellyfin/jellyfin/security/advisories/GHSA-wg4c-c9g9-rxhx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •