Vulnerabilities > CVE-2021-3986 - Unspecified vulnerability in Janeczku Calibre-Web

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

janeczku

NVD

Published: 2024-11-15

Updated: 2024-11-19

Summary

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.

Vulnerable Configurations

Part	Description	Count
Application	Janeczku Janeczku Calibre WEB - Janeczku Calibre WEB 0.6.0 Janeczku Calibre WEB 0.6.2 Janeczku Calibre WEB 0.6.3 Janeczku Calibre WEB 0.6.4 Janeczku Calibre WEB 0.6.5 Janeczku Calibre WEB 0.6.6 Janeczku Calibre WEB 0.6.7 Janeczku Calibre WEB 0.6.8 Janeczku Calibre WEB 0.6.9 Janeczku Calibre WEB 0.6.10 Janeczku Calibre WEB 0.6.11 Janeczku Calibre WEB 0.6.12 Janeczku Calibre WEB 0.6.13 Janeczku Calibre WEB 0.6.14	15

Summary

Vulnerable Configurations

References