2 matches found
SUSE CVE-2024-56362
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...
CVE-2024-56362
Navidrome is affected by CVE-2024-56362, a vulnerability where the JWT secret is stored in plaintext in the navidrome.db database file under the property table. This insecure storage allows anyone with access to the database file to retrieve the secret, potentially enabling token forgery and acco...