WS-2023-0373
Date: October 21, 2023
SMTP server credentials are returned in calibre-web prior to 0.6.21. This allows a malicious user to view the SMTP server credentials and use them to access the SMTP server without authorization. The malicious user could send fraudulent, spam, or phishing emails on behalf of the legitimate user, compromise the user's confidential information, cause financial and reputational damage to the organization, and negatively affect the integrity and availability of the email server.
Language: Python
Severity Score
Weakness Type (CWE)
Cleartext Storage of Sensitive Information
CWE-312
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |