U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:plex:media_server:1.18.2.2029-36236cc4c:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2021-42835

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).

Published: December 08, 2021; 10:15:10 AM -0500
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-5742

Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-5741

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Published: May 08, 2020; 9:15:11 AM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-5740

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.

Published: April 22, 2020; 12:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-21031

Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product.

Published: November 18, 2019; 12:15:10 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM