4 matches found

Vulnrichment
added 2024/03/13 8:15 p.m., 16 views

CVE-2024-28192 NoSQL Injection Leading to Authentication Bypass in your_spotify

yourspotify is an open-source, self-hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless of whether a public token has been generated befo...

CVSS 5.3, AI score 7.5, EPSS 0.00603
Exploits: 1, References: 1

Cvelist
added 2024/03/13 8:15 p.m., 18 views

CVE-2024-28192 NoSQL Injection Leading to Authentication Bypass in your_spotify

yourspotify is an open-source, self-hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless of whether a public token has been generated befo...

CVSS 5.3, AI score 5.8, EPSS 0.00603
Exploits: 1, References: 1

Cvelist
added 2024/03/13 6:18 p.m., 27 views

CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify

yourspotify is an open-source, self-hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

CVSS 9.1, AI score 9.4, EPSS 0.00823
Exploits: 1, References: 1

CVE
added 2024/03/13 5:16 p.m., 71 views

CVE-2024-28195

The CVE-2024-28195 CSRF vulnerability affects the YourSpotify self-hosted dashboard (API and login flow). Affected versions are prior to 1.9.0, where CSRF protections were insufficient, enabling attackers to execute CSRF attacks that can retrieve, modify, or delete data on the victim instance. Re...

CVSS 8.8, AI score 8.1, EPSS 0.0037
Exploits: 1, References: 2, Affected Software: 1