3 matches found
CVE-2021-3986
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
Authorization Bypass
calibreweb is vulnerable to authorization bypass. The vulnerability exists in createeditshelf function in shelf.py because the server doesn't properly validate the user permissions which allows an attacker to create and modify public and private shelves...
Improper Access Control
calibreweb is vulnerable to improper access control. The vulnerability exists because the server doesn't properly validate the user permissions when rendering HTML containing shelf name which allows an attacker to gain access to names of all private shelves...