GitHub PR #7569 shows the critical change: the authorization policy for SetRepositories moves from DefaultAuthorization to RequiresElevation. This directly correlates with the CVE's description of incorrect access control on the /users endpoint (which handles plugin repositories). The XSS vulnerability stems from the ability to store untrusted input (repository names) through this improperly secured endpoint; that input would then execute in admin contexts.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Jellyfin.Common | nuget | < 10.8.0 | 10.8.0 |