Yeah, a company got toasted because one of their admins was running Plex and had tautulli installed and opened to the outside figuring it was read-only and safe.
Zero day bug in tat exposed his Plex token. They then used another vulnerability in Plex to remote code execute. He was self-hosting a GitHub copy of all the company’s code.
=> More informations about this toot | View the thread | More toots from linearchaos@lemmy.world
=> View slug@lemmy.world profile
text/geminiThis content has been proxied by September (ba2dc).