Authentication flaw

2023-06-2820:15:00

PRIOn knowledge base

www.prio-n.com

emby server

vulnerability

x-forwarded-for header

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.

CPENameOperatorVersion
embylt4.7.12.0

CPE	Name	Operator	Version
	emby	lt	4.7.12.0

References

emby.media/community/index.php?/topic/98191-emby-server-46-released/

github.com/EmbySupport/security/security/advisories/GHSA-fffj-6fr6-3fgf

github.com/MediaBrowser/Emby/issues/3784