![]() ![]() ![]() "We have not been contacted by LastPass so we cannot speak to the specifics of their incident.Supporting Article: Official statement from Plex, concerning vulnerabilities, on LastPass Data Breach.This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. We have recently been made aware of a security vulnerability related to Plex Media Server.Supporting Article: Plex Security, regarding security vulnerability CVE-2020-5741.Link to Cybersecurity & Infrastructure Security Agency (CISA).This issue could not be exploited without first gaining access to the server's Plex account." "This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled.Attackers with "admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code," according to an advisory published by the Plex Security Team in May 2020 when it patched the bug with the release of Plex Media Server 1.19.3.Article: CISA warns of actively exploited Plex bug after LastPass breach. ![]()
0 Comments
Leave a Reply. |