Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product.
- https://www.elladodelmal.com/2018/08/shodan-es-de-cine-hacking-tautulli-un.html
- https://www.exploit-db.com/docs/47790
- https://github.com/ARPSyndicate/cvemon
- https://github.com/elkassimyhajar/CVE-2018-16809
- https://github.com/manmolecular/tautulli-cve-2018-21031
- https://github.com/n0-traces/cve_monitor