The vulnerability of the Kavita Kavitareader software for reading e-books in the Kavita format lies in the lack of authentication for a critical function. This allows attackers to influence the confidentiality and integrity of the protected information.

🗓️ 02 Nov 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Kavita Kavitareader lacks authentication for a critical function, risking confidentiality and integrity of protected data.

Reporter	Title	Published	Views	Family All 12
Huntr	Missing Authentication for Critical Function	15 Nov 202203:51	–	huntr
ATTACKERKB	CVE-2023-0919	19 Feb 202315:15	–	attackerkb
Circl	CVE-2023-0919	19 Feb 202318:15	–	circl
CNNVD	kavita 访问控制错误漏洞	19 Feb 202300:00	–	cnnvd
CVE	CVE-2023-0919	19 Feb 202300:00	–	cve
Cvelist	CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita	19 Feb 202300:00	–	cvelist
EUVD	EUVD-2023-12906	3 Oct 202520:07	–	euvd
NVD	CVE-2023-0919	19 Feb 202315:15	–	nvd
OSV	CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita	19 Feb 202300:00	–	osv
Prion	Authentication flaw	19 Feb 202315:15	–	prion

Source	Link
huntr	www.huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f
github	www.github.com/Kareadita/Kavita/pull/1748/commits/6648b79e1b2f92449d5816d0722b7a3d72f259d5
web	www.web.nvd.nist.gov/view/vuln/detail

02 Nov 2023 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 38.1

CVSS 28.5

EPSS0.00311

Kavita Kavitareader lack of authentication critical function confidentiality risk integrity risk protected information