Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
History
Tue, 24 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Mon, 23 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1. | |
Title | Navidrome Stores JWT Secret in Plaintext in navidrome.db | |
Weaknesses | CWE-312 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-23T17:19:51.108Z
Updated: 2024-12-24T01:35:29.314Z
Reserved: 2024-12-20T17:34:56.867Z
Link: CVE-2024-56362
Vulnrichment
Updated: 2024-12-24T01:35:24.614Z
NVD
Status: Received
Published: 2024-12-23T18:15:07.617
Modified: 2024-12-23T18:15:07.617
Link: CVE-2024-56362
Redhat
No data.