Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
History

Tue, 24 Dec 2024 02:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Dec 2024 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
Title | | Navidrome Stores JWT Secret in Plaintext in navidrome.db
Weaknesses | | CWE-312
References | |
Metrics | | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-23T17:19:51.108Z

Updated: 2024-12-24T01:35:29.314Z

Reserved: 2024-12-20T17:34:56.867Z

Link: CVE-2024-56362

Vulnrichment

Updated: 2024-12-24T01:35:24.614Z

NVD

Status: Received

Published: 2024-12-23T18:15:07.617

Modified: 2024-12-23T18:15:07.617

Link: CVE-2024-56362

Redhat

No data.