How severe is CVE-2024-32963?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2024-32963?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-32963

MEDIUM Year: 2024

CVSS v3 Score

4.2

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist, added song, posted arbitrary comment, set the playlist to be public, and put the admin as the owner of the playlist. The attacker must be able to intercept http traffic for this attack. Each known user is impacted. An attacker can obtain the ownerId from shared playlist information, meaning every user who has shared a playlist is also impacted, as they can be impersonated. This issue has been addressed in version 0.52.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2009-0783

MEDIUM

CVSS:4.2(Medium)

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read o...

CWE-2002009

CVE-2014-3591

MEDIUM

CVSS:4.2(Medium)

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determin...

CWE-2002014

CVE-2017-13238

MEDIUM

CVSS:4.2(Medium)

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additio...

CWE-2002017

CVE-2018-12076

MEDIUM

CVSS:4.2(Medium)

A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Cus...

CWE-2002018

CVE-2018-3986

MEDIUM

CVSS:4.2(Medium)

An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a us...

CWE-2002018

CVE-2018-3987

MEDIUM

CVSS:4.2(Medium)

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces ...

CWE-2002018

CVE-2024-32963

Vulnerability Description

Related Vulnerabilities

CVE-2009-0783

CVE-2014-3591

CVE-2017-13238

CVE-2018-12076

CVE-2018-3986

CVE-2018-3987