Home > Vulnerability Database > WS-2022-0260

Mend.io Vulnerability Database

WS-2022-0260

Date: August 6, 2022

An Insecure Direct Object References (IDOR) vulnerability was found in kareadita/kavita prior to 0.5.4.1. The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account, which may lead to Application Takeover.

Language: C#

Severity Score

9.1

Related Resources (2)

Url: https://www.github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4

Url: https://www.mend.io/vulnerability-database/WS-2022-0260

Severity Score

9.1

Weakness Type (CWE)

Improper Authorization

CWE-285

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0260

Date: August 6, 2022

Language: C#

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?