Insecure Hashing Algorithm in Navidrome Affects User Account Security
CVE-2024-41259

Currently unrated

Key Information:

Vendor: Navidrome
Status: Navidrome
Vendor: CVE Published:; 1 August 2024

What is CVE-2024-41259?

The service provided by Gravatar within Navidrome v0.52.3 utilizes an insecure hashing algorithm, enabling potential attackers to alter user account information. This vulnerability can lead to unauthorized access and manipulation of user data, emphasizing the need for strong hashing practices in software development to safeguard user privacy and security.

References

https://gist.github.com/nyxfqq/d192af10b53a363e2d9e430068...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024