by hurutparittya
414 days ago
So if I understand the last comment correctly... It's possible to get unauthenticated streams if you know the media paths. Media collections, at least in my experience, usually adhere to a few common organization schemes. This would allow someone with a list of common titles, which are available in various public databases, to leak data by brute force from a public-facing Jellyfin instance quite efficiently. Discounting this as merely "suboptimal behavior" sounds like a mistake.