Lucene search
K

158 matches found

EUVD
EUVD
added 2025/02/24 6:37 p.m.12 views

EUVD-2025-5077

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.5AI score0.00936EPSS
Exploits1References2
OSV
OSV
added 2025/02/24 6:37 p.m.15 views

CVE-2025-27112 Navidrome has authentication bypass in Subsonic API with non-existent username

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.9AI score0.00936EPSS
Exploits1References4
CVE
CVE
added 2025/02/24 6:37 p.m.244 views

CVE-2025-27112

Navidrome ≤0.54.5 is vulnerable to an authentication bypass in certain Subsonic API endpoints. A flaw in the authentication check allows an attacker to specify any non-existent username together with a salted hash of an empty password, making the request appear authenticated and granting read-onl...

6.9CVSS7.2AI score0.00936EPSS
In wildExploits1References2Affected Software1
OSV
OSV
added 2024/08/21 2:30 p.m.11 views

GO-2023-2414 Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome

Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome...

8.6CVSS8.6AI score0.0069EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2023/12/21 3:15 p.m.29 views

CVE-2023-51442

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed wit...

7.5CVSS7.7AI score0.0069EPSS
Exploits1
NVD
NVD
added 2023/12/21 3:15 p.m.37 views

CVE-2023-51442

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed wit...

8.6CVSS0.0069EPSS
Exploits1References2
Prion
Prion
added 2023/12/21 3:15 p.m.15 views

Authentication flaw

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed wit...

7.5CVSS7.6AI score0.0069EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/12/21 2:54 p.m.40 views

CVE-2023-51442 Authentication bypass vulnerability in navidrome's subsonic endpoint

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed wit...

8.6CVSS9.1AI score0.0069EPSS
Exploits1References2
OSV
OSV
added 2023/12/21 2:54 p.m.32 views

CVE-2023-51442 Authentication bypass vulnerability in navidrome's subsonic endpoint

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed wit...

8.6CVSS8.7AI score0.0069EPSS
Exploits1References4
CVE
CVE
added 2023/12/21 2:54 p.m.97 views

CVE-2023-51442

Navidrome vulnerability CVE-2023-51442 affects the subsonic authentication endpoint. A JWT signed with the hardcoded key "not so secret" can bypass authentication on instances that have never been restarted, potentially granting access to existing user accounts via the /rest/ endpoint. The issue ...

8.6CVSS8.8AI score0.0069EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/19 11:37 p.m.36 views

Authentication bypass vulnerability in navidrome's subsonic endpoint

Summary A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed with the key "not so secret". The vulnerability can only be exploited o...

8.6CVSS7.7AI score0.0069EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/12/19 11:37 p.m.36 views

GHSA-WQ59-4Q6R-635R Authentication bypass vulnerability in navidrome's subsonic endpoint

Summary A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed with the key "not so secret". The vulnerability can only be exploited o...

8.6CVSS8.9AI score0.0069EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.5 views

PT-2023-31832 · Navidrome · Navidrome

Name of the Vulnerable Software and Affected Versions: Navidrome versions prior to 0.50.2 Description: A security issue has been identified in Navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web...

8.6CVSS7.3AI score0.0069EPSS
Exploits1References9
Check Point Advisories
Check Point Advisories
added 2022/09/18 12:0 a.m.29 views

Subsonic Server Side Request Forgery (CVE-2017-9355)

A vulnerability exists in Subsonic. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

4.3CVSS5AI score0.26906EPSS
Exploits5
NVD
NVD
added 2021/04/13 8:15 p.m.21 views

CVE-2021-21399

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...

9.1CVSS0.01438EPSS
Exploits1References1
OSV
OSV
added 2021/04/13 8:15 p.m.4 views

UBUNTU-CVE-2021-21399

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...

9.1CVSS7AI score0.01438EPSS
Exploits1References3
Prion
Prion
added 2021/04/13 8:15 p.m.21 views

Design/Logic Flaw

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...

5CVSS7.6AI score0.01438EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/13 5:50 p.m.25 views

CVE-2021-21399 Unauthenticated SubSonic backend access in Ampache

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...

9.1CVSS9.6AI score0.01438EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/04/13 12:0 a.m.7 views

PT-2021-14476 · Ampache · Ampache

Name of the Vulnerable Software and Affected Versions: Ampache versions prior to 4.4.1 Description: The issue allows unauthenticated access to Ampache using the subsonic API. To exploit this, an attacker must use a username that is not part of the site to bypass the auth checks. Recommendations:...

9.1CVSS7.8AI score0.01438EPSS
Exploits1References6
OSV
OSV
added 2018/12/19 11:29 a.m.7 views

CVE-2018-20228

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...

8CVSS5.8AI score0.0042EPSS
Exploits3References1
Rows per page
Query Builder