FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Plex Media Server -- security vulnerability

Affected packages
plexmediaserver < 1.25.0
plexmediaserver-plexpass < 1.25.0

Details

VuXML ID 98f78c7a-a08e-11ed-946e-002b67dfc673
Discovery 2021-10-22
Entry 2023-01-30

Plex Security Team reports:

We have recently been made aware of a security vulnerability in Plex Media Server versions prior to 1.25.0 that could allow a local Windows user to obtain administrator privileges without authorization. To be clear, this required the user to already have local, physical access to the computer (just with a different user account on Windows). There are no indications that this exploit could be used from a remote machine.

Plex Media Server versions 1.25.0.5282 and newer are not subject to this vulnerability, and feature additional hardening to prevent similar issues from occurring in the future. Users running older server versions are encouraged to update their Plex Media Server installations.

References

CVE Name CVE-2021-42835
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42835