Server-Side Request Forgery in Jellyfin Affects Data Access
CVE-2023-27161
7.5HIGH
What is CVE-2023-27161?
Jellyfin, a popular media server software, has a vulnerability that allows attackers to execute Server-Side Request Forgery (SSRF) attacks through the /Repositories component. By sending specially crafted POST requests, malicious actors can gain unauthorized access to network resources and potentially sensitive information. Users of Jellyfin versions up to 10.7.7 are strongly advised to assess their systems for this security issue to mitigate risks.