CVE-2023-51442

HIGH EPSS 48.2%
Published Dec 21, 20232y ago · Modified Jun 17, 20262w ago
8.6 CVSS 3.1
High
Find Similar
Published Dec 21, 2023 2y ago
Last Modified Jun 17, 2026 2w ago

Description

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.

CVSS Details

Base Score
8.6
Exploitability
3.9
Impact
4.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability High

Threat Intelligence

EPSS Exploit Probability
48.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

Affected Products 1

VendorProductVersionRange
navidromenavidrome* <0.50.2

References 2

  • github.com https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c
    Patch
  • github.com https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c
    Patch