Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
If my server is already open to everyone, what kind of potential attacks do i need to be worried a about? I dont keep personal files on my streaming server, its just videos, music and isos/roms. I dont restrict sign ups, so the idea of an unauthorized user doing something like download a video is a non issue for me really.
I do see where there could be problems for folks running jfin on the same server they keep private photos or for people who charge users for acess, but thats not me.
Am i missing something or is the main result of most of these that a “malicious” actor could dowload files jellyfin has access to without authentication?
I guess the worst thing is that your server starts attacking the US military servers because you’ve become part of a botnet.
That happened to my friend one time when I installed Linux on his computer. He made the username and password the same 4-character word. Got a letter from the DoD.
I dont think they would be so forgiving these days. Especially if you’re brown.
With unrestricted signups, they can obtain their own account easily. With their own account they can enumerate all your other users.
If they have their own account they can just find your instance, make a login, collect all the proof they need that you’re hosting content you don’t own (illegally own) then serve you a court summons and ruin your life.
I wouldn’t worry about the vulnerability in the link since your already wide open. But I wouldn’t leave Jellyfin wide open either. Movie and TV studios are quite litigious.
I hope you’re at least gatekeeping behind a vpn or something.
Edit: typo
Well it’s hosted in The Netherlands and I did take some steps to protect my own identity in regards to registration info, but if the studios did take an interest i’d probably have some fun with it by decaliring bankrupcy and dragging out the appeals.
I mean, sure… but you’d actually have to reasonably liquidate most of your assets at that point. You can’t just “claim” bankruptcy and do literally nothing to sate your debts. Of course this is different on a jurisdictional basis… but overall, you have to sell a lot of your stuff in order to do a proper bankruptcy.
https://www.financestrategists.com/financial-advisor/bankruptcy/what-can-you-keep-after-filing-bankruptcy
It can decimate any savings you have for retirement.
What assets?🤣
Fair enough if you don’t actually have any… but the courts will still make that decision for you. Some things might count that you don’t expect.