CVE & CISA-KEV Catalog

CVE-2023-51442

HIGH
8.6
CVSS v3
NVD

Description

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.

How to fix

Remediation Available
NavidromeWindows application
Affected:0.50.2Fixed in:0.50.2Navidrome

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityLow
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploit Intelligence

0.69%probability of exploitation in 30 days
48thpercentile

Moderate risk: more likely to be exploited than 48% of all known CVEs.

References

Exploit1

Related Vulnerabilities

Other CWE-287 (Improper Authentication) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-35082Critical9.8100%KEV + RansomFix
CVE-2023-35078Critical9.8100%KEV + RansomFix
CVE-2017-7921Critical9.8100%KEV-
CVE-2024-7593Critical9.8100%KEV-
CVE-2023-46805High8.2100%KEV + Ransom-
CVE-2022-40684Critical9.8100%KEV + RansomFix
Embed a live status badge for CVE-2023-51442
CVE-2023-51442 severity badge

Markdown

[![CVE-2023-51442](https://tridentstack.com/cve/badge/CVE-2023-51442.svg)](https://tridentstack.com/cve/CVE-2023-51442)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-51442"><img src="https://tridentstack.com/cve/badge/CVE-2023-51442.svg" alt="CVE-2023-51442"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.