CVE-2024-28192

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 13, 2024
Updated: Mar 14, 2024
CWE ID 943
CWE ID 74

Summary

CVE-2024-28192 is a medium-severity vulnerability (CVSS 3.1 score 5.3) affecting versions of your_spotify below 1.8.0. This open-source, self-hosted Spotify tracking dashboard is vulnerable to NoSQL injection in its public access token processing logic. An attacker can exploit this flaw to bypass the public token authentication mechanism without user interaction or prerequisite knowledge, and so gain unauthorized access to user data, potentially leading to privacy breaches. Users are strongly advised to upgrade to version 1.8.0 to mitigate this risk. At present, there are no known workarounds for this vulnerability.
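The injection class named above (CWE-943) in a token lookup, shown as a weak version beside a hardened one. This is an added example, not code from your_spotify or from its fix; `matches`, `USERS`, `findByTokenUnsafe`, `findByTokenSafe` and the token format are hypothetical, and the in-memory filter is a toy stand-in for a document-store query so the block runs without a database.

```javascript
// Added illustration of CWE-943 in a token lookup; not your_spotify's code.
// `matches` is a toy stand-in for a document-store filter that understands
// one query operator ($ne), so the example runs offline.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      // An object condition is interpreted as operators, not as a literal value.
      return Object.entries(cond).every(([op, arg]) => {
        if (op === "$ne") return doc[field] !== arg;
        throw new Error(`unsupported operator ${op}`);
      });
    }
    return doc[field] === cond;
  });
}

// Constructed sample data (assumed shape, not the project's schema).
const USERS = [
  { name: "alice", publicToken: "3f9c1e7a-constructed" },
  { name: "bob", publicToken: null }, // public sharing disabled
];

// Weak: whatever the request parser produced goes straight into the filter.
// A JSON body or nested query-string syntax can deliver an object here.
function findByTokenUnsafe(token) {
  return USERS.find((u) => matches(u, { publicToken: token })) || null;
}

// Hardened: only a bounded string of expected characters is ever used
// as a token; objects, arrays and empty values are rejected before the query.
const TOKEN_RE = /^[A-Za-z0-9_-]{1,128}$/; // assumed token alphabet
function findByTokenSafe(token) {
  if (typeof token !== "string" || !TOKEN_RE.test(token)) return null;
  return USERS.find((u) => matches(u, { publicToken: token })) || null;
}
```

The same type check belongs at every point where request data becomes part of a query filter, not only at the token lookup.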
