Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-51442

Good to know:

icon

Date: December 21, 2023

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.

Language: Go

Severity Score

Related Resources (4)

https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c
https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r
https://nvd.nist.gov/vuln/detail/CVE-2023-51442
https://www.mend.io/vulnerability-database/CVE-2023-51442

Severity Score

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

icon

Upgrade Version

Upgrade to version v0.50.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): HIGH

Do you need more information?

Contact Us