Unrated severityNVD Advisory· Published Dec 19, 2019· Updated Aug 5, 2024
CVE-2019-19141
CVE-2019-19141
Description
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Plex/Plex Media Serverdescription
- Range: <=1.18.2.2029
Patches
Vulnerability mechanics
References
1- forums.plex.tv/t/security-camera-upload/507289mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.