Lucene search
Veracode Vulnerability DatabaseVERACODE:34943HistoryApr 04, 2022 - 12:20 p.m.
Improper Access Control
2022-04-0412:20:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
27
0.001 Low
EPSS
Percentile
21.4%
calibreweb is vulnerable to improper access control. The vulnerability exists because the server doesn’t properly validate the user permissions when rendering HTML containing shelf name which allows an attacker to gain access to names of all private shelves.
| CPE | Name | Operator | Version |
|---|---|---|---|
| calibreweb | le | 0.6.15 | |
| calibreweb | le | 0.6.13 | |
| calibreweb | le | 0.6.15 | |
| calibreweb | le | 0.6.13 |
References
github.com/advisories/GHSA-gqcj-xp3p-vqqj
github.com/janeczku/calibre-web/blob/master/cps/shelf.py#L380
github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92
github.com/janeczku/calibre-web/issues/1990
huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe
huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe/
Related
huntr
huntr
Improper Access Control in janeczku/calibre-web
2022-01-24 03:16:26
prion
prion
Improper access control
2022-04-03 19:15:00
cve
cve
CVE-2022-0405
2022-04-03 19:15:07
osv
osv
CVE-2022-0405
2022-04-03 19:15:07
cvelist
cvelist
CVE-2022-0405 Improper Access Control in janeczku/calibre-web
2022-04-03 18:30:15
nvd
nvd
CVE-2022-0405
2022-04-03 19:15:07