CVE-2024-28192
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-28192 is a NoSQL injection vulnerability affecting versions of your_spotify below 1.8.0. your_spotify is an open-source, self-hosted Spotify tracking dashboard, and the flaw lies in its public access token processing logic. An attacker can exploit it to bypass the public token authentication mechanism without user interaction or prerequisite knowledge, and so gain unauthorized access to user data, potentially leading to privacy breaches. Users are strongly advised to upgrade to version 1.8.0, which mitigates the issue. At present, there are no known workarounds for this vulnerability.
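The class of check that closes this kind of hole, as an added example (not your_spotify's code and not the 1.8.0 patch): a token lookup that refuses any value that is not a plain string before it reaches a MongoDB-style filter. The function names, the `publicToken` field and the token format are assumptions made for illustration.

```javascript
// Added example. All names (parsePublicToken, buildTokenFilter, TOKEN_PATTERN,
// the publicToken field) are hypothetical, not taken from your_spotify.

// Assumption: public tokens are opaque, URL-safe strings of bounded length.
const TOKEN_PATTERN = /^[A-Za-z0-9_-]{16,128}$/;

// Return the token only if it is a plain string of the expected shape.
// Query-string and JSON body parsers can deliver objects or arrays where a
// string is expected; passed into a filter unchanged, an object is
// interpreted as query operators instead of a value to compare against.
function parsePublicToken(raw) {
  if (typeof raw !== "string") return null;
  return TOKEN_PATTERN.test(raw) ? raw : null;
}

// Build the lookup filter. $eq pins the comparison to a literal value, so the
// filter stays an equality match even if the type check is loosened later.
function buildTokenFilter(raw) {
  const token = parsePublicToken(raw);
  if (token === null) return null; // caller should answer 400/401, not query
  return { publicToken: { $eq: token } };
}

// Constructed sample inputs, as a request parser might hand them over.
const SAMPLES = [
  { label: "well-formed string", value: "b7Zq2mXw9KfR4tLc8NvE1yHs" },
  { label: "operator object", value: { $ne: null } },
  { label: "array", value: ["b7Zq2mXw9KfR4tLc8NvE1yHs"] },
  { label: "empty string", value: "" },
  { label: "string with operator-like text", value: '{"$ne":null}' },
];

// Classify each sample as accepted or rejected.
function classifySamples(samples) {
  return samples.map(({ label, value }) => ({
    label,
    accepted: buildTokenFilter(value) !== null,
  }));
}

for (const row of classifySamples(SAMPLES)) {
  console.log(`${row.accepted ? "accept" : "reject"}  ${row.label}`);
}
```

A rejected value should produce an authentication failure and a log entry recording the offending type, since a non-string token is a useful detection signal on its own.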