calibre-web is vulnerable to Improper Authentication. The vulnerability exists in the login function of the web.py file, which allows a remote attacker to take over an account by brute-forcing credentials, because the application does not restrict excessive authentication attempts.
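The mitigation for this class of defect is to count failed logins per account and refuse further attempts for a lockout window once a threshold is reached, while keeping the password check constant-time and indistinguishable for unknown usernames. The following is an added example of such a guard and is not calibre-web's own code; the thresholds, in-memory store and user table are constructed for illustration.

```python
"""Per-account failed-login throttling against brute-force account takeover.
Added example, not calibre-web's code; MAX_FAILURES, LOCKOUT_SECONDS and the
in-memory store are assumed values for illustration."""
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 5        # failed attempts tolerated before lockout (assumed policy)
LOCKOUT_SECONDS = 300   # how long the account stays locked (assumed policy)


def _hash(password, salt):
    # Slow KDF so each guess costs the attacker real CPU time.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable clock so lockout expiry is testable
        self._state = {}             # username -> (failure_count, locked_until or None)
        self._users = {}             # username -> (salt, password_hash); constructed store

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash(password, salt))

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'. A locked account rejects even
        the correct password until the window has elapsed."""
        now = self._clock()
        failures, locked_until = self._state.get(username, (0, None))
        if locked_until is not None:
            if now < locked_until:
                return "locked"
            failures, locked_until = 0, None      # window elapsed: start fresh
        record = self._users.get(username)
        # Hash against a dummy record for unknown users so timing does not
        # reveal which usernames exist.
        salt, expected = record if record else (b"\x00" * 16, b"\x00" * 32)
        ok = record is not None and hmac.compare_digest(_hash(password, salt), expected)
        if ok:
            self._state.pop(username, None)       # success clears the counter
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            locked_until = now + LOCKOUT_SECONDS  # threshold hit: lock the account
        self._state[username] = (failures, locked_until)
        return "denied"
```

Persisting the counter in the database rather than in process memory is needed for a multi-worker deployment, since an attacker could otherwise spread guesses across workers.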
github.com/advisories/GHSA-jg8w-wgx2-g7q4
github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e
github.com/janeczku/calibre-web/commit/ae3e3559b86efc03f19dba0e6dc930304bf63e46
huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0