We found results for “”
WS-2022-0359
Good to know:
Date: September 17, 2022
In kareadita/kavita prior to 0.6.0, A normal user can access any series without permission if they have access to at least one library. This allows any user who has access to at least one library gain access to all series in all libraries.
Language: C#
Severity Score
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |