Jellyfin
cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*
- < 10.11.7
A vulnerability in Jellyfin versions prior to 10.11.7 allows unauthenticated users to read arbitrary files from the server through ffmpeg argument injection via the StreamOptions query parameter. The vulnerability arises because the ParseStreamOptions method in StreamingHelpers.cs adds lowercase query parameters to a dictionary without proper validation, bypassing the RegularExpression attribute on the level controller parameter. The unsanitized value is then concatenated directly into the ffmpeg command line. By injecting a drawtext filter with a textfile argument, an attacker can access sensitive files like /etc/shadow and exfiltrate their contents as text rendered in the video stream response. Exploitation is possible on the /Videos/{itemId}/stream endpoint, which lacks authentication requirements, although item GUIDs are pseudorandom and need to be obtained by an authenticated user.
Exploitation of this vulnerability leads to unauthorized access and reading of arbitrary server files, with the potential to exfiltrate sensitive information such as password hashes from the /etc/shadow file.
To reproduce this vulnerability, send a request to the /Videos/{itemId}/stream endpoint with a crafted StreamOptions query parameter that includes an injected ffmpeg argument. The injected argument should specify a drawtext filter that references a file to be read, such as /etc/shadow. The response will include the contents of the file overlaid as text in the video stream.
Users are advised to upgrade to Jellyfin version 10.11.7 or later, where this vulnerability has been fixed.
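For reviewing reverse-proxy access logs on servers that ran a version below 10.11.7, the following added example (not Jellyfin code and not part of the original advisory) flags requests to the stream endpoint whose lowercase-named query parameters carry values outside a strict allowlist. The allowlist, the optional `.ext` path suffix, the combined log format and the sample lines are assumptions; the sample request uses placeholder tokens rather than real ffmpeg arguments.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint named in the advisory; the optional ".ext" suffix is an assumption.
STREAM_PATH = re.compile(r"/Videos/[^/]+/stream(\.\w+)?", re.IGNORECASE)
# Assumed allowlist for stream-option values: letters, digits, dot, underscore, hyphen.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]*")
# Request line as it appears in a combined-format access log (assumed format).
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_stream_options(log_line):
    """Return [(param, decoded_value)] for query parameters on the stream
    endpoint whose name starts lowercase and whose value fails the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not STREAM_PATH.fullmatch(url.path):
        return []
    # parse_qsl percent-decodes, so %20 and '+' both surface as spaces, the
    # separator needed to smuggle an extra argument into a command line.
    return [(name, value)
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name[:1].islower() and not SAFE_VALUE.fullmatch(value)]

def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_stream_options(line)
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation IPs, placeholder item id and arguments).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /Videos/ITEM-ID-PLACEHOLDER/stream?Static=true&level=41 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /Videos/ITEM-ID-PLACEHOLDER/stream?level=41%20-EXTRA_ARG%20PLACEHOLDER HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /System/Info/Public?x=a%20b HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:12 +0000] "GET /Videos/ITEM-ID-PLACEHOLDER/stream.mp4?videoCodec=h264&audioCodec=aac HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

The allowlist is deliberately strict, so treat hits as triage leads to be compared against the parameters legitimate clients send in your environment.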