CVE-2024-56362 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-56362 PUBLISHED CVSS 7.099999904632568 HIGH

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.

EPSS 0.04% · 11.5th percentile

Risk Scores

CVSS v3.1

7.099999904632568

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.04%

11.5th percentile

Affected Products

Vendor	Product	Versions
github.com	navidrome/navidrome	0, 0
navidrome	navidrome	< 0.54.1, 0, < 0.54.1

Timeline

Jan 21, 1970 Security Advisory
Dec 23, 2024 CVE Published
Dec 23, 2024 Coalition ESS Score
Dec 23, 2024 PoC Published
Dec 23, 2024 PoC Published
Dec 24, 2024 EPSS Score
Jan 9, 2025 EPSS Score
Jan 15, 2025 CVE Updated
Jan 24, 2025 EPSS Score
Feb 9, 2025 EPSS Score
Feb 25, 2025 EPSS Score
Mar 13, 2025 EPSS Score

References

Open in Interactive Console →