CVSS 3.1 Score 5.3 of 10 (medium)


Published Mar 13, 2024
Updated: Mar 14, 2024
CWE ID 943


CVE-2024-28192 is a vulnerability found in YourSpotify, an open-source, self-hosted Spotify tracking dashboard. Versions of YourSpotify prior to 1.8.0 are susceptible to a NoSQL injection vulnerability in the public access token processing logic. This flaw allows attackers to bypass the public token authentication mechanism without any user interaction or prior knowledge. The recommended remediation is to upgrade to version 1.8.0 or later. There are no known workarounds for this vulnerability. The potential danger posed by this vulnerability is rated as medium severity with a base score of 5.3 out of 10, indicating a moderate level of risk to organizations that use YourSpotify.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-28192 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options