CVE-2024-28195

Name of the Vulnerable Software and Affected Versions YourSpotify versions prior to 1.9.0

Description The issue affects the API and login flow of YourSpotify, allowing attackers to execute Cross-Site Request Forgery (CSRF) attacks. This enables them to retrieve, modify, or delete data on the affected instance. Additionally, repeated CSRF attacks can lead to the creation of a new user and promotion to instance administrator if a legitimate administrator visits a malicious website. The exploitability of this issue depends on the victim's browser version and settings.

Recommendations For versions prior to 1.9.0, upgrade to version 1.9.0 to address the issue. As a temporary workaround, consider restricting access to the API and login flow until the upgrade is applied. Note that there are no known workarounds for this issue, and upgrading to the fixed version is the recommended resolution.