From 620614c60f94324f19c33d109199f1f026b41b1f Mon Sep 17 00:00:00 2001 From: Nuno Teixeira Date: Mon, 30 Jan 2023 11:28:30 +0000 Subject: [PATCH] security/vuxml: Document CVE-2021-42835 for multimedia/plexmediaserver{-plexpass} < 1.25.0 PR: 269226 Reported by: grahamperrin --- security/vuxml/vuln/2023.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 69a71f064588..048c383e8c1c 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,31 @@ + + Plex Media Server -- security vulnerability + + + plexmediaserver + plexmediaserver-plexpass + 1.25.0 + + + + +

Plex Security Team reports:

+
+

We have recently been made aware of a security vulnerability in Plex Media Server versions prior to 1.25.0 that could allow a local Windows user to obtain administrator privileges without authorization. To be clear, this required the user to already have local, physical access to the computer (just with a different user account on Windows). There are no indications that this exploit could be used from a remote machine.

+

Plex Media Server versions 1.25.0.5282 and newer are not subject to this vulnerability, and feature additional hardening to prevent similar issues from occurring in the future. Users running older server versions are encouraged to update their Plex Media Server installations.

+
+ + + + CVE-2021-42835 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42835 + + + 2021-10-22 + 2023-01-30 + + + prometheus2 -- basic authentication bypass