Skip to main content

Navidrome CVE-2024-41259

CRITICAL
Information Exposure (CWE-200)
2024-08-01 cve@mitre.org
9.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 01, 2024 - 21:15 cve.org
CRITICAL 9.1

DescriptionCVE.org

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.

AnalysisAI

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information. Affected products include: Navidrome.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2025-27112 MEDIUM POC
6.9 Feb 24

Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 6.9), this vulne

CVE-2024-47062 CRITICAL POC
9.4 Sep 20

Navidrome is an open source web-based music collection server and streamer. Rated critical severity (CVSS 9.4), this vul

CVE-2023-51442 HIGH POC
8.6 Dec 21

Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.6), this vulnera

CVE-2026-25579 MEDIUM POC
6.5 Feb 04

Navidrome versions prior to 0.60.0 allow authenticated users to trigger denial of service by requesting image resizing w

CVE-2026-25578 MEDIUM POC
6.1 Feb 04

Navidrome versions before 0.60.0 contain a stored cross-site scripting vulnerability in song comment metadata that allow

CVE-2024-32963 MEDIUM POC
4.2 May 01

Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 4.2), this vulne

CVE-2024-56362 MEDIUM
5.5 Dec 23

Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 5.5), this vulne

CVE-2025-48949 HIGH
8.9 May 30

Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.9), this vulnera

CVE-2025-48948 HIGH POC
7.4 May 30

Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 7.4), this vulnera

Share

CVE-2024-41259 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy