A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.
History
Tue, 19 Nov 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Janeczku, Janeczku calibre-web | |
CPEs | cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:* | |
Vendors & Products | Janeczku, Janeczku calibre-web | |
Metrics | cvssV3_1 | |
Fri, 15 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Calibre-web Project, Calibre-web Project calibre-web | |
CPEs | cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:* | |
Vendors & Products | Calibre-web Project, Calibre-web Project calibre-web | |
Metrics | ssvc | |
Fri, 15 Nov 2024 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix. | |
Title | Information Disclosure in janeczku/calibre-web | |
Weaknesses | CWE-209 | |
References | | |
Metrics | cvssV3_0 | |
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-11-15T10:52:21.551Z
Updated: 2024-11-15T18:31:36.752Z
Reserved: 2021-11-20T11:08:36.338Z
Link: CVE-2021-3986
Vulnrichment
Updated: 2024-11-15T18:31:26.082Z
NVD
Status: Analyzed
Published: 2024-11-15T11:15:06.400
Modified: 2024-11-19T17:12:50.000
Link: CVE-2021-3986
Redhat
No data.