Description

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.

INFO

Published Date :

2024-12-02T16:41:26.846Z

Last Modified :

2024-12-02T17:22:07.037Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49763 vulnerability.

Vendors Products
Plexripper Project
  • Plexripper
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49763.

URL Resource
https://github.com/PlexRipper/PlexRipper/commit/184074644a1f5a8ac59519929a9c4b92280fb2a1 cve-icon cve-icon
https://securitylab.github.com/advisories/GHSL-2024-305_PlexRipper/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability