NewsSecurity Vulnerabilities

Navidrome Plaintext Storage of JWT Secret in navidrome.db vulnerability [CVE-2024-56362]

CVE number – CVE-2024-56362

Navidrome is an open source web-based music collection server and streamer.

Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table.

This practice introduces a security risk because anyone with access to the database file can retrieve the secret.

This vulnerability is fixed in version 0.54.1.

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.