starred/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-05-04 18:09:12 +03:00
Code Issues 822 Packages Projects Releases 10 Wiki Activity

Jellyfin server exposes videos before authenticating a client #7046

New Issue
Closed
opened 2026-02-07 04:26:31 +03:00 by OVERLORD · 2 comments
OVERLORD commented 2026-02-07 04:26:31 +03:00
Owner
Copy Link

Originally created by @AArnott on GitHub (May 29, 2025).

When I tried connecting to my Jellyfin server from an Amazon Fire client, I was presented with a Quick Connect challenge. Before completing it, I noticed that the very attractive screen was actually made up all of movies that the server hosts.

This is a privacy problem. Anyone with my Jellyfin URL can discover videos I have. They should have to authenticate first!

This is a problem with the Jellyfin server at least, which should not provide API access to this list.
The jellyfin clients may need to be updated to not expect this to work as well.

Originally created by @AArnott on GitHub (May 29, 2025). When I tried connecting to my Jellyfin server from an Amazon Fire client, I was presented with a Quick Connect challenge. Before completing it, I noticed that the very attractive screen was actually made up all of movies that the server hosts. This is a privacy problem. Anyone with my Jellyfin URL can discover videos I have. They should have to authenticate first! This is a problem with the Jellyfin server at least, which should not provide API access to this list. The jellyfin clients may need to be updated to not expect this to work as well.
OVERLORD added the invalid label 2026-02-07 04:26:31 +03:00
OVERLORD commented 2026-02-07 04:26:34 +03:00
Author
Owner
Copy Link

@JPKribs commented on GitHub (May 29, 2025):

You can disable this here:

https://jellyfin.org/docs/general/server/settings/#splash-screen-image

@JPKribs commented on GitHub (May 29, 2025): You can disable this here: https://jellyfin.org/docs/general/server/settings/#splash-screen-image
OVERLORD commented 2026-02-07 04:26:35 +03:00
Author
Owner
Copy Link

@felix920506 commented on GitHub (May 29, 2025):

Working as intended. Please disable option mentioned in above comment.

@felix920506 commented on GitHub (May 29, 2025): Working as intended. Please disable option mentioned in above comment.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
EFjellyfin.db
area:database
awaiting-feedback
backend
blocked
breaking change: web api
bug
build
ci
confirmed
discussion needed
dotnet future
downstream
duplicate
enhancement
feature
future
github-actions
good first issue
hdr
help wanted
invalid
investigation
librarydb
live-tv
lyrics
media playback
music
needs testing
nuget
performance
platform
pull-request
Mirrored from GitHub Pull Request
 question
regression
release critical
requires-web
roadmap
security
security
stale
support
syncplay
ui & ux
upstream
wontfix
No Label invalid
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#7046
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?