Selfhoster1728

joined 3 months ago
[–] Selfhoster1728@infosec.pub 11 points 4 days ago* (last edited 4 days ago) (2 children)

See this issue on their GitHub repo: here

Basically from what I understand there's loads of unauthenticated API calls, so someone can very easily exploit that.

If they just supported mTLS in their clients it wouldn't be an issue but oh well :(

[–] Selfhoster1728@infosec.pub 9 points 1 month ago (3 children)

Oof was looking to start selfhosting this but it has no client Linux support and has a subscription 😬😬