CVE-2024-56362

Published Dec 23, 2024

Last updated 2 months ago

CVSS high 7.1

Overview

Description
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
5.2
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-312

Social media

Hype score
Not currently trending

  1. CVE-2024-56362 (CVSS:7.1, HIGH) is Awaiting Analysis. Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext..https://t.co/yYWl8I03OK #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    28 Dec 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-56362 (CVSS:7.1, HIGH) is Awaiting Analysis. Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext..https://t.co/yYWl8I03OK #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    27 Dec 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE Alert: CVE-2024-56362 - https://t.co/RoILmAKxCL #OSINT #ThreatIntel #CyberSecurity #cve_2024_56362

    @RedPacketSec

    24 Dec 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-56362 Plaintext JWT Secret Vulnerability in Navidrome Fixed in 0.54.1 Navidrome is a web-based server for music collections. It is open source. Navidrome keeps the JWT secret in plain text inside the nav... https://t.co/avdgob4Vky

    @VulmonFeeds

    23 Dec 2024

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-56362 Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the p… https://t.co/ICk4pq07oq

    @CVEnew

    23 Dec 2024

    577 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References