Navidrome Plaintext Storage of JWT Secret in navidrome.db vulnerability [CVE-2024-56362]
CVE number – CVE-2024-56362
Navidrome is an open source web-based music collection server and streamer.
Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table.
This practice introduces a security risk because anyone with access to the database file can retrieve the secret.
This vulnerability is fixed in version 0.54.1.
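Because the exposure depends on who can read the database file, a local audit can check both the file's permissions and the running version. The following is an added example, not code from Navidrome or from this advisory; the default path `navidrome.db`, the accepted version string formats, and the inclusion of SQLite's `-wal`/`-shm` sidecar files are assumptions.

```python
import os
import re
import stat
import sys

FIXED_VERSION = (0, 54, 1)  # first fixed release, per the advisory


def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'v0.54.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_fixed(version_text):
    """True when the given version is 0.54.1 or later."""
    return parse_version(version_text) >= FIXED_VERSION


def audit_db_files(db_path):
    """Return findings for the database and any SQLite sidecar files.

    The -wal and -shm files (assumed present only in WAL mode) can hold
    the same rows as the main file, so they need the same protection.
    """
    findings = []
    for path in (db_path, db_path + "-wal", db_path + "-shm"):
        if not os.path.exists(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & stat.S_IROTH:
            findings.append(f"{path}: world-readable ({mode:04o})")
        elif mode & stat.S_IRGRP:
            findings.append(f"{path}: group-readable ({mode:04o})")
    return findings


if __name__ == "__main__":
    # Usage: audit.py [path-to-navidrome.db] [installed-version]
    db = sys.argv[1] if len(sys.argv) > 1 else "navidrome.db"
    for finding in audit_db_files(db):
        print("WARN", finding)
    if len(sys.argv) > 2 and not is_fixed(sys.argv[2]):
        print("WARN version", sys.argv[2], "predates the fix in 0.54.1")
```

Backups and copies of the database file carry the same secret, so the same permission check applies to them.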
I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.