Lucene search

GitHub Advisory DatabaseGHSA-VGMW-9CWW-QQ99

HistoryJan 31, 2022 - 12:00 a.m.

Incorrect Authorization in calibreweb

2022-01-3100:00:29

CWE-284

CWE-863

GitHub Advisory Database

github.com

calibreweb

version 0.6.16

incorrect authorization

vulnerability

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.4%

JSON

calibreweb prior to version 0.6.16 contains an Incorrect Authorization vulnerability.

Affected configurations

Vulners

Node

calibrewebRange<0.6.16

VendorProductVersionCPE
*calibreweb*cpe:2.3:a:*:calibreweb:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	calibreweb	*	cpe:2.3:a::calibreweb::::::::*

References

github.com/advisories/GHSA-vgmw-9cww-qq99

github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf

github.com/pypa/advisory-database/tree/main/vulns/calibreweb/PYSEC-2022-22.yaml

huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13

nvd.nist.gov/vuln/detail/CVE-2022-0273

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for GHSA-VGMW-9CWW-QQ99