Lucene search
Veracode Vulnerability DatabaseVERACODE:34944HistoryApr 04, 2022 - 1:31 p.m.
Authorization Bypass
2022-04-0413:31:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
21.6%
calibreweb is vulnerable to authorization bypass. The vulnerability exists in create_edit_shelf function in shelf.py because the server doesn’t properly validate the user permissions which allows an attacker to create and modify public and private shelves.
| CPE | Name | Operator | Version |
|---|---|---|---|
| calibreweb | le | 0.6.15 | |
| calibreweb | le | 0.6.13 | |
| calibreweb | le | 0.6.15 | |
| calibreweb | le | 0.6.13 |
References
github.com/janeczku/calibre-web/blob/master/cps/shelf.py#L362
github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf
github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706
huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db
huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db/
Related
cvelist
cvelist
CVE-2022-0406 Improper Authorization in janeczku/calibre-web
2022-04-03 19:05:10
prion
prion
Authorization
2022-04-03 19:15:00
huntr
huntr
Improper Authorization in janeczku/calibre-web
2022-01-25 08:57:37
nvd
nvd
CVE-2022-0406
2022-04-03 19:15:07
cve
cve
CVE-2022-0406
2022-04-03 19:15:07
osv
osv
CVE-2022-0406
2022-04-03 19:15:07