CVE-2022-35909

CVE-2022-35909

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.

GHSA-qwp3-5fw3-5wgv

Incorrect Access Control and Cross Site Scripting in Jellyfin