CVE-2024-49763
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
02/12/2024
Last modified:
02/12/2024
Description
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.
Impact
Base Score 4.0
8.70
Severity 4.0
HIGH