How severe is CVE-2024-28192?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-28192?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-28192 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This vulnerability allows an attacker to fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2010-4658

MEDIUM

CVSS:5.3(Medium)

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

CWE-742010

CVE-2011-3624

MEDIUM

CVSS:5.3(Medium)

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote a...

CWE-742011

CVE-2013-4578

MEDIUM

CVSS:5.3(Medium)

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper fil...

CWE-742013

CVE-2013-7324

MEDIUM

CVSS:5.3(Medium)

Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavio...

CWE-742013

CVE-2016-11068

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.

CWE-742016

CVE-2017-7848

MEDIUM

CVSS:5.3(Medium)

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.

CWE-742017