CVE-2024-28194
published 2024-03-13CVE-2024-28194: your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign…
PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.82%
52.7th percentile
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yooooomi | your_spotify | < 1.8.0 | 1.8.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-03-13
Published