A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.
                
History

Tue, 19 Nov 2024 17:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Janeczku Janeczku calibre-web | |
| CPEs | cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:* | |
| Vendors & Products | Janeczku Janeczku calibre-web | |
| Metrics | cvssV3_1 | |

Fri, 15 Nov 2024 19:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Calibre-web Project Calibre-web Project calibre-web | |
| CPEs | cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:* | |
| Vendors & Products | Calibre-web Project Calibre-web Project calibre-web | |
| Metrics | ssvc | |

Fri, 15 Nov 2024 11:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix. | |
| Title | Information Disclosure in janeczku/calibre-web | |
| Weaknesses | CWE-209 | |
| References |  | |
| Metrics | cvssV3_0 | |

MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published:
Updated: 2024-11-15T18:31:36.752Z
Reserved: 2021-11-20T11:08:36.338Z
Link: CVE-2021-3986

Vulnrichment
Updated: 2024-11-15T18:31:26.082Z

NVD
Status: Analyzed
Published: 2024-11-15T11:15:06.400
Modified: 2024-11-19T17:12:50.000
Link: CVE-2021-3986

Redhat
No data.