What is the severity of CVE-2019-19141?

CVE-2019-19141 has a severity score of 8.8, which is considered high.

How does CVE-2019-19141 affect Plex Media Server?

CVE-2019-19141 affects Plex Media Server versions up to 1.18.2.2029 and allows remote authenticated users to write files anywhere with permissions.

How can I fix CVE-2019-19141 in Plex Media Server?

To fix CVE-2019-19141, users should update Plex Media Server to a version beyond 1.18.2.2029.

Where can I find more information about CVE-2019-19141?

More information about CVE-2019-19141 can be found at this link: https://forums.plex.tv/t/security-camera-upload/507289

Vulnerability/
CVE-2019-19141

high

8.8

CWE

19/12/2019

5/8/2024

CVE-2019-19141: Path Traversal

Q: What is CVE-2019-19141?

CVE-2019-19141 is a vulnerability in Plex Media Server that allows remote authenticated users to write files anywhere with permissions, leading to potential remote code execution.

First published: Thu Dec 19 2019(Updated: )

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Plex Media Server	<=1.18.2.2029

Never miss a vulnerability like this again

Reference Links

https://forums.plex.tv/t/security-camera-upload/507289

Frequently Asked Questions

What is CVE-2019-19141?
CVE-2019-19141 is a vulnerability in Plex Media Server that allows remote authenticated users to write files anywhere with permissions, leading to potential remote code execution.
What is the severity of CVE-2019-19141?
CVE-2019-19141 has a severity score of 8.8, which is considered high.
How does CVE-2019-19141 affect Plex Media Server?
CVE-2019-19141 affects Plex Media Server versions up to 1.18.2.2029 and allows remote authenticated users to write files anywhere with permissions.
How can I fix CVE-2019-19141 in Plex Media Server?
To fix CVE-2019-19141, users should update Plex Media Server to a version beyond 1.18.2.2029.
Where can I find more information about CVE-2019-19141?
More information about CVE-2019-19141 can be found at this link: https://forums.plex.tv/t/security-camera-upload/507289

collector/nvd-index
agent/author
agent/severity
agent/references
agent/weakness
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/plex
canonical/plex media server
version/plex media server/1.18.2.2029

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.