CVE-2024-28193
- EPSS 0.52%
- Published 13.03.2024 21:16:01
- Last modified 24.01.2025 14:56:33
your_spotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in Your...
CVE-2024-28192
- EPSS 0.14%
- Published 13.03.2024 21:16:00
- Last modified 24.01.2025 15:11:10
your_spotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, reg...
CVE-2024-28194
- EPSS 0.22%
- Published 13.03.2024 19:15:47
- Last modified 12.02.2025 15:19:53
your_spotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication toke...
CVE-2024-28195
- EPSS 0.64%
- Published 13.03.2024 18:15:07
- Last modified 12.02.2025 15:16:31
your_spotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing ...
CVE-2024-28196
- EPSS 0.21%
- Published 13.03.2024 18:15:07
- Last modified 12.02.2025 15:18:34
your_spotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing use...