2024-12-26, 05:42 PM
(This post was last modified: 2024-12-26, 05:43 PM by TheDreadPirate. Edited 1 time in total.)
The level of access gained from a hypothetical exploit would determine what they can do afterwards. This is the reason that Jellyfin runs as its own user for direct Linux installs and our documentation recommends running a Docker container as your user instead of as root. A hypothetical exploit in Jellyfin while it is running as root would grant an attacker significantly more access than an unprivileged user.
Even then, not all exploits would grant an attacker unfettered access to the system or resources on remote systems networked to it. Perhaps it would only give them access to the contents of memory; they can't write to disk to make their access persistent.
Having said that, a random attacker is very, very, very unlikely to want to expend that kind of effort on someone's Jellyfin server and home network. If they have the skill to find and exploit a, probably, zero-day vulnerability, they're going after someone they can actually get a big payday from.