FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Plex Media Server -- Information Disclosure Vulnerability

Affected packages
plexmediaserver < 1.13.5.5332
plexmediaserver-plexpass < 1.13.5.5332

Details

VuXML ID 337960ec-b5dc-11e8-ac58-a4badb2f4699
Discovery 2018-08-01
Entry 2018-09-11

Chris reports:

The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:

References

CVE Name CVE-2018-13415
URL https://seclists.org/fulldisclosure/2018/Aug/1