PT-2024-11004 · Unknown · Janeczku/Calibre-Web

Published: 2024-11-15 · Updated: 2024-11-19 · CVE-2021-3987

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

janeczku/calibre-web (affected versions not specified)

Description

An improper access control issue exists, allowing users without public shelf permissions to create public shelves. This is due to the create shelf method in shelf.py not verifying if the user has the necessary permissions to create a public shelf, which can lead to unauthorized actions being performed by users.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2021-3987
GHSA-FJ5V-W2JP-WQVJ

Affected Products

Janeczku/Calibre-Web