+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: SOLVED: data breach (/t-solved-data-breach)
data breach - wen o - 2024-01-25
No login required to access
/Items/c468674a982993e9d4b707d3584e6a79/Images/Primary
Content, this is a serious data breach problem
RE: data breach - niels - 2024-01-25
This is known behavior and not a data breach
https://github.com/jellyfin/jellyfin/issues/5415
RE: data breach - wen o - 2024-01-25
Is there any way to solve this problem?
RE: data breach - tmsrxzar - 2024-01-25
(2024-01-25, 03:03 PM)wen o Wrote: Is there any way to solve this problem?
disable jellyfin-web
disable access to jellyfin-web
the expectation is that security will be handled external to jellyfin, jellyfin itself is not security hardened (at all)
RE: data breach - niels - 2024-01-25
Disabling jellyfin-web has exactly zero effect since this is entirely within the server