Navidrome
CVE-2024-56362
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
AnalysisAI
Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-312. Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1. Affected products include: Navidrome.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 6.9), this vulne
Navidrome is an open source web-based music collection server and streamer. Rated critical severity (CVSS 9.4), this vul
Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.6), this vulnera
Navidrome versions prior to 0.60.0 allow authenticated users to trigger denial of service by requesting image resizing w
Navidrome versions before 0.60.0 contain a stored cross-site scripting vulnerability in song comment metadata that allow
Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's
Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 4.2), this vulne
Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.9), this vulnera
Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 7.4), this vulnera
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today