Access Control Flaw in Jellyfin Media Server by Jellyfin
CVE-2022-35909
8.8 HIGH
What is CVE-2022-35909?
Jellyfin versions prior to 10.8 are susceptible to an access control misconfiguration in the /users endpoint, which allows unauthorized access to administrative functionality. This flaw can potentially lead to privilege escalation, enabling attackers to manipulate user data or settings without the appropriate permissions. The vulnerability highlights the importance of enforcing strict access controls in applications to safeguard sensitive user and administrative processes.