After clicking through to the login screen, users cannot tell if they’re logging into their own Plex server or the attacker’s. Since Plex users often share their media by way of email notifications, these phishing attempts may see higher than average success rates. The attacker would likely exploit this vulnerability through phishing. This vulnerability is due to a weak cross-origin resource sharing (CORS) policy. This type of service is very popular as people are homebound due to public health orders. Users can share personal media libraries among friends and discover related content from traditional streaming sources around the web. The Plex application and service allows users to organize and stream their own media through a Netflix-like experience. Tenable Research has disclosed three vulnerabilities in Plex Media Server, affecting versions prior to 1.18.2. Plex has since administered patches and mitigations for these vulnerabilities. Tenable Research discovered multiple vulnerabilities in Plex Media Server, a popular media streaming and sharing service, that could allow attackers to gain full system privileges and access to personal files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |