icon

We found results for “

WS-2022-0260

Date: August 6, 2022

An Insecure Direct Object References (IDOR) vulnerability was found in kareadita/kavita prior to 0.5.4.1. The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account, which may lead to Application Takeover.

Language: C#

Severity Score

Severity Score

Weakness Type (CWE)

Improper Authorization

CWE-285

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us