Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables full repository takeover of jellyfin/jellyfin-ios, exfiltration of highly privileged secrets, Apple App Store supply chain attack, GitHub Container Registry (ghcr.io) package poisoning, and full jellyfin organization compromise via cross-repository token usage. Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.
The vulnerability results from improper permission management (CWE-269) in the CI/CD workflow: code-quality.yml has broadly granted write permissions to the repository. An attacker can send a pull request from a forked repository whose code will be executed in the context of a privileged workflow. This enables access to organization secrets, modification of repository content, and injection of malicious code into packages published in GitHub Container Registry (ghcr.io) and distribution on the Apple App Store.
An attacker can gain full control over the jellyfin/jellyfin-ios repository, steal highly privileged secrets, infect container packages and compromise the entire Jellyfin organization through multiple use of tokens across repositories, constituting a supply chain attack.
The vulnerability only affects GitHub Actions workflow, not application code — end users do not need to take any action. The fix was introduced by the project creators in commit 109217e75f38394b2f6e46e25dfe5a721203d3c8 in the jellyfin/jellyfin-ios repository. Administrators of similar projects should verify the permissions of their own CI/CD workflows and restrict code execution from pull requests of external forks.
Repository jellyfin/jellyfin-ios — GitHub Actions workflow code-quality.yml; affects the project's CI/CD infrastructure, not the end software installed by users.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HJellyfin
APPJellyfinwszystkie wersje
Related vulnerabilities
Jellyfin: RCE jako root przez path traversal w endpoincie przesyłania napisów
Jellyfin: odczyt dowolnych plików przez command injection w ffmpeg
jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prio...
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain i...
Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument inject...