Or switch to Jellyfin y’know
The flaw’s CVSS score is the highest possible, and tells us that it can be exploited remotely over the internet, without user interaction or attackers having to authenticate first.
Glad I switched to Jellyfin when they started making remote streaming paid. Been happier since, fuck Plex
Literally just use Jellyfin and an overlay network.
Continuously being proven correct for switching to Jellyfin a few months ago and exposing it over Tailscale
daaaamn but you have to have your server accessible to the internet right?
It looks like it, yes, so anyone using the remote feature would be at risk. If it’s firewalled off and only accessible locally I can’t imagine how an attacker could do anything.
Ya, I know it phones home to Plex and thought maybe this exploit could take advantage of that even if you hadn’t enabled “remote” access, but that’s probably unlikely
The exploit is currently private so we really just don’t know yet, looking forward to seeing what it is tbh
Another suggestion: get a cheap domain, you can then use a reverse proxy like nginx (there’s a web UI for it too).
So plexcum.abc.xyz goes to your Plex. And since the cert and DNS are both wildcards, someone will have to guess plexcum to get to your Plex.
or they could just traverse all IP addresses and get to yours
They’ll still only see nginx on port 80 and 443; only if they supply the subdomain will they be able to access it. You don’t forward Plex directly.
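The setup described in the comments above, sketched as an nginx configuration. This is an added example, not part of the original thread: the hostname, certificate paths and upstream address are placeholders, and Plex listening on its default port 32400 on the same host is an assumption.

```nginx
# Added example; every name, path and address below is a placeholder.

# Catch-all for port 80: any Host header not matched by a named server block
# (including a bare IP address) gets the connection closed with no response.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Catch-all for port 443: abort the TLS handshake when the SNI name matches no
# configured server_name, so a client connecting by IP never receives the
# wildcard certificate (needs nginx 1.19.4 or later).
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# Only this exact name, covered by the wildcard certificate, is proxied.
# The name travels unencrypted in the TLS SNI field, so it acts as a filter
# against IP-range scanning, not as a credential.
server {
    listen 443 ssl;
    server_name media-placeholder.example.com;

    ssl_certificate     /etc/nginx/certs/wildcard.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/wildcard.example.com.key.pem;

    location / {
        # Assumed upstream: Plex on its default port, bound locally and not
        # forwarded at the router or firewall.
        proxy_pass http://127.0.0.1:32400;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Pass WebSocket upgrades through to the upstream.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```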
I’ve been using Pangolin as a reverse proxy lately and like it.
You can add auth and 2FA on the proxy side so you don’t have to worry about individual services, and if you wildcard it, you can generate temporary links with fake subdomains that you can share.
It’s just Traefik and WireGuard under the hood, but being able to expose local services and offload security to a server running somewhere in the cloud that can be shut off to instantly close off your network is nice.
I threw it up on a $5 VPS and it handles my traffic just fine.
tru