Plex Media Server -- Information Disclosure Vulnerability

Affected packages
plexmediaserver <
plexmediaserver-plexpass <


VuXML ID 337960ec-b5dc-11e8-ac58-a4badb2f4699
Discovery 2018-08-01
Entry 2018-09-11

Chris reports:

The XML parsing engine for Plex Media Server's SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:


CVE Name CVE-2018-13415