SUSE CVE-2024-56362

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...

Sensitive Information Disclosure

Navidrome is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of sensitive information because the JWT secret is stored in plaintext in the navidrome.db database file, making it retrievable by anyone with access to the database...

PT-2024-36804 · Navidrome +1 · Navidrome +1

Name of the Vulnerable Software and Affected Versions: Navidrome versions prior to 0.54.1 Description: Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file...

Navidrome 安全漏洞

Navidrome is Navidrome Open Source a web-based open source music collection server and streamer. Used to freely listen to music collections from any browser or mobile device. A security vulnerability exists in Navidrome 0.53.3 and earlier versions, which stems from storing a JWT key in plaintext ...