Описание
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
EPSS
Процентиль: 3%
0.00018
Низкий
7.1 High
CVSS3
Дефекты
CWE-312
Связанные уязвимости
CVSS3: 7.1
github
8 месяцев назад
Navidrome Stores JWT Secret in Plaintext in navidrome.db
EPSS
Процентиль: 3%
0.00018
Низкий
7.1 High
CVSS3
Дефекты
CWE-312