Jellysweep Uncontrolled Download Vulnerability in Image Cache API Endpoint
Vulnerability
A vulnerability in Jellysweep, a cleanup tool for the Jellyfin media server, allows any authenticated user to make the server download arbitrary content through the image cache API endpoint. In versions prior to 0.13.0, the endpoint accepted a URL parameter that was passed directly to the cache package without validation, so the server would fetch whatever URL the caller supplied. This issue has been addressed in version 0.13.0, where the vulnerable functionality was removed and the cache package was relocated to the internal directory to prevent external imports.
Impact
Exploitation of this vulnerability could cause the server to download attacker-chosen content from external sources, potentially resulting in a denial of service by overwhelming the server with fetch requests or in harmful files being downloaded onto it.
Reproduction
To reproduce this vulnerability, send a request to the '/api/images/cache' endpoint with a valid URL parameter pointing to the content to be downloaded. Ensure that the request is made by an authenticated user.
Remediation
Users can upgrade to Jellysweep version 0.13.0 or later, where this vulnerability has been fixed.
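The check the vulnerable endpoint skipped, as an added example that is not Jellysweep's own code: an image-cache handler in Go (the project's language) that validates the caller-supplied URL against an allowlist of configured image hosts before anything is fetched. The host names, the handler and the injected fetch function are constructed for this example; the project itself fixed the issue by removing the URL-download functionality entirely.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// allowedHosts stands in for the upstream image sources an image cache is configured to use (constructed values).
var allowedHosts = map[string]bool{
	"jellyfin.internal.example": true,
	"image.tmdb.org":            true,
}

// validateImageURL is the check the vulnerable endpoint lacked: instead of handing the
// caller-supplied URL straight to the downloader, it accepts only absolute https URLs whose host is allowlisted.
func validateImageURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("unparseable url: %w", err)
	}
	if u.Scheme != "https" {
		return nil, errors.New("only https URLs are permitted")
	}
	if !allowedHosts[u.Hostname()] {
		return nil, fmt.Errorf("host %q is not an allowed image source", u.Hostname())
	}
	return u, nil
}

// cacheImageHandler is a hardened stand-in for an image cache endpoint: the "url" query parameter
// is validated before any fetch happens, and fetch is injected so the handler runs without network access.
func cacheImageHandler(fetch func(string) ([]byte, error)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		u, err := validateImageURL(r.URL.Query().Get("url"))
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		body, err := fetch(u.String())
		if err != nil {
			http.Error(w, "upstream fetch failed", http.StatusBadGateway)
			return
		}
		_, _ = w.Write(body)
	}
}
```

Off-list URLs are rejected with 400 before the fetcher is ever called, which is the behaviour to verify when auditing any endpoint that proxies remote images.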
