Navidrome Transcoding Permission Bypass Vulnerability Report

Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.

N/A

授权机制不正确

Navidrome 安全漏洞

Navidrome是Navidrome开源的一个基于 Web 的开源音乐收集服务器和流媒体。用于自由地从任何浏览器或移动设备收听音乐收藏。 Navidrome 0.56.0之前版本存在安全漏洞，该漏洞源于权限验证不足，可能导致普通用户绕过授权检查执行管理员操作。

N/A

N/A