Plugins Database As of 12-11-2019

Plex Media Server Authentication Bypass Vulnerability

Web application abuses
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.143159

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Detection Type:
Remote Vulnerability

Solution Type:
Workaround

Summary:
Plex Media Server allows remote attackers to bypass intended access control because X-Plex-Token is mishandled, and can be retrieved from Tautulli if no authentication is enabled there.

Detection Method:
Sends a crafted HTTP GET request and checks the response.

Impact:
An unauthenticated attacker might download various content from the Plex server.

Recommendations:
As a workaround, enable authentication for Tautulli to prevent an unauthenticated attacker from obtaining the token.

Severity:
Medium

CVSS Score:
5.0

Published:
2019-11-21 05:10:49

Modified:
2019-11-21 07:47:15

CVE:
CVE-2018-21031
