6 matches found
CVE-2024-49763
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s...
CVE-2024-49763
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s...
CVE-2024-49763 PlexRipper allows API leak due to open CORS policy
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s...
CVE-2024-49763 PlexRipper allows API leak due to open CORS policy
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s...
CVE-2024-49763
PlexRipper (open-source media downloader for Plex) is affected by an open CORS policy that allows cross-origin requests to the /api/PlexAccount endpoint, enabling an attacker-controlled site to access sensitive information and steal user Plex login details. Root cause is the permissive CORS confi...
PT-2024-33673 · Unknown · Plexripper
Name of the Vulnerable Software and Affected Versions: PlexRipper versions prior to 0.24.0 Description: PlexRipper's open CORS policy allows attackers to gain sensitive information by getting the user to access the attacker's domain. This enables an attacking website to access the...