minus-squareSelfhoster1728@infosec.pubtoSelfhosted@lemmy.world•Sharing JellyfinlinkfedilinkEnglisharrow-up14·edit-25 days agoSee this issue on their github repo: here Basically from what I understand there’s loads of unauthenticated api calls, so someone can very easily exploit that. If they just supported mTLS in their clients it wouldn’t be an issue but oh well :( linkfedilink
See this issue on their github repo: here
Basically from what I understand there’s loads of unauthenticated api calls, so someone can very easily exploit that.
If they just supported mTLS in their clients it wouldn’t be an issue but oh well :(