![]() the `p` or `t` and `s` query parameters). # Details Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. The vulnerability can only be exploited on instances that have never been restarted. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". # Summary A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. ![]() GHSA-wq59-4q6r-635r, CVE-2023-51442 Authentication bypass vulnerability in navidrome's subsonic endpoint in go//navidrome/navidrome # Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. # Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. # Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. # Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. ![]() GHSA-mw99-9chc-xw7r, CVE-2023-49568 Maliciously crafted Git server replies can cause DoS on go-git clients in go//go-git/go-git/v5
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |