Is CVE-2019-19141 actively exploited?

CVE-2019-19141 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-19141?

CVE-2019-19141 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2019-19141?

Patch guidance is available from plex security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-19141.

Fix CVE-2019-19141 - HIGH plex media server

Description

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-22 · Path Traversal

Metadata

Primary Vendor: PLEX
Published: 12/19/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2019-19141

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary