Описание
Improper Access Control in janeczku/calibre-web
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the create_shelf method in shelf.py not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
Пакеты
calibreweb
< 0.6.15
0.6.15
Связанные уязвимости
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
An improper access control vulnerability exists in janeczku/calibre-we ...