You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The /System/MediaEncoder/Path endpoint executes an arbitrary file using ProcessStartInfo via the ValidateVersion function. A malicious administrator can setup a network share and supply a UNC path to /System/MediaEncoder/Path which points to an executable on the network share, causing Jellyfin server to run the executable in the local context.
Possible Remote Code Execution in /System/MediaEncoder/Path via UNC paths (GHSL-2023-029)
The /System/MediaEncoder/Path endpoint executes an arbitrary file using ProcessStartInfo via the ValidateVersion function. A malicious administrator can setup a network share and supply a UNC path to /System/MediaEncoder/Path which points to an executable on the network share, causing Jellyfin server to run the executable in the local context.
This has been a potential endstep of several other attack vectors, and as such, this endpoint is being removed.
This issue was discovered and reported by GHSL team member @Kwstubbs (Kevin Stubbings).