CVE-2019-19141

Name of the Vulnerable Software and Affected Versions Plex Media Server versions through 1.18.2.2029

Description The issue allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions, potentially leading to remote code execution. This can be achieved through methods such as creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized keys file, and logging into the host as the Plex user via SSH.

Recommendations For versions through 1.18.2.2029, consider disabling the Camera Upload functionality until a patch is available to prevent remote code execution. Restrict access to sensitive directories and files to minimize the risk of exploitation. Avoid using the Camera Upload feature in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.