CVE-2021-3987
Improper Access Control in janeczku/calibre-web
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Productos afectados
janeczku · janeczku/calibre-web¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →