3 matches found
CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...
CVE-2024-28194
CVE-2024-28194 concerns YourSpotify, an open-source self-hosted dashboard for Spotify tracking. Versions prior to 1.8.0 use a hardcoded JWT secret to sign authentication tokens, enabling attackers to forge valid tokens and bypass authentication as any user, including admins. Affected component is...
CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...