This issue is HIGH severity due to the potential for unauthorized access and remote code execution, which can lead to full server compromise. Real-world exploitability is high if default configurations or known vulnerable components are used.
The advisory discusses potential vulnerabilities in Proxmox VE, Nginx Proxy Manager, and Jellyfin due to misconfigurations or outdated components. Attack vectors include unauthorized access and remote code execution. Impact is severe as it could lead to server compromise. Home lab users with these configurations are affected.
Affected Systems
- Proxmox VE
- Nginx Proxy Manager
- Jellyfin
Affected Versions: All versions before the latest security updates
Remediation
- Update Proxmox VE to the latest version: apt update && apt upgrade -y proxmox-ve
- Ensure Nginx Proxy Manager is updated to the latest stable release: Follow official documentation for upgrade steps.
- Upgrade Jellyfin to the most recent version: Update through Jellyfin's built-in update mechanism or package manager.
Stack Impact
nginx proxy manager Proxmox VE