Description

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.

INFO

Published Date :

2024-12-23T17:19:51.108Z

Last Modified :

2024-12-24T01:35:29.314Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56362 vulnerability.

Vendors Products
Navidrome
  • Navidrome
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56362.

URL Resource
https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff cve-icon cve-icon
https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1 cve-icon cve-icon
https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact