
CVSS: 9.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. • https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist, added a song, posted an arbitrary comment, set the playlist to be public, and put the admin as the owner of the playlist. The attacker must be able to intercept HTTP traffic for this attack. • https://github.com/navidrome/navidrome/security/advisories/GHSA-4jrx-5w4h-3gpm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 1

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in Navidrome's Subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the Subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding, respectively, to the `p` or the `t` and `s` query parameters). • https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c • https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r • CWE-287: Improper Authentication

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords). • https://github.com/navidrome/navidrome/commit/9e79b5cbf2a48c1e4344df00fea4ed3844ea965d • https://github.com/navidrome/navidrome/releases/tag/v0.47.5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')