#364 Minidlna security vulnerability

v1.0 (example)
open
nobody
1
2025-01-11
2024-10-19
No

I have discovered a security vulnerability that is present in all versions of minidlna. It is exploitable, but requires user interaction/social engineering.

I would be happy to share this privately with anyone that is actively updating the repository before posting it publicly.

If you can help, please reply to this ticket.

-Matt

Discussion

  • Dominik Mierzejewski

    This might be a bug, but not a security vulnerability in my opinion. Modification of /etc/minidlna.conf requires root (file is owned and writable by root only). If you have root access, why would it matter that you can "compromise" minidlna with that access? You can do whatever you want then, anyway.

     
