Vulnerability Description
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.
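The pattern described above, as an added illustration that is not calibre-web's code: a leaky handler that echoes the private shelf's name in the error shown to a non-owner, beside a hardened handler that decides authorisation first, returns a generic message, and keeps the detail in a server-side log. The function names, data model, messages and status codes are hypothetical.

```python
"""Added example (not calibre-web's own code): information disclosure
through an error message, and the hardened form of the same handler.
All names, data and status codes here are hypothetical."""
import logging
from dataclasses import dataclass, field

log = logging.getLogger("shelf")


@dataclass
class Shelf:
    shelf_id: int
    name: str
    owner_id: int
    is_public: bool
    book_ids: set = field(default_factory=set)


def make_shelves() -> dict:
    """Constructed sample data: one private shelf owned by user 1."""
    return {7: Shelf(7, "alice: unreleased manuscripts", owner_id=1,
                     is_public=False, book_ids={10, 11})}


def remove_book_leaky(shelves, shelf_id, book_id, user_id):
    """Vulnerable pattern: the ownership check itself is correct (the book is
    not removed), but the denial message still echoes the private shelf's
    name to a user who is not allowed to see it."""
    shelf = shelves.get(shelf_id)
    if shelf is None:
        return 404, "Shelf not found"
    if shelf.owner_id != user_id:
        return 403, f"Sorry you are not allowed to remove a book from shelf: {shelf.name}"
    shelf.book_ids.discard(book_id)
    return 200, f"Book removed from shelf: {shelf.name}"


def remove_book_hardened(shelves, shelf_id, book_id, user_id):
    """Hardened pattern: authorisation is decided before any shelf attribute
    is used in output; the user-facing message is generic; the detail goes
    to the server log keyed by ids, not by the private name. Missing and
    foreign shelves get the same response, so existence is not revealed."""
    shelf = shelves.get(shelf_id)
    if shelf is None or shelf.owner_id != user_id:
        log.warning("denied remove_book: user=%s shelf=%s book=%s",
                    user_id, shelf_id, book_id)
        return 403, "You are not allowed to modify this shelf"
    shelf.book_ids.discard(book_id)
    return 200, "Book removed"


def discloses_name(response, shelf) -> bool:
    """Regression check: does the response body contain the shelf's name?"""
    _, body = response
    return shelf.name in body
```

The `discloses_name` check is the kind of assertion worth keeping in a test suite once the message is fixed, so that a later template change cannot quietly reintroduce the name.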
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Janeczku | Calibre-Web | < 0.6.15 |
Related Weaknesses (CWE)
References
- https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e0 (Patch)
- https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2021-3986?
CVE-2021-3986 is a vulnerability in janeczku/calibre-web with a CVSS base score of 4.3 (MEDIUM): the name of a private shelf is exposed to a user who does not own it, as described in the vulnerability description above.
How severe is CVE-2021-3986?
CVE-2021-3986 has been rated MEDIUM with a CVSS base score of 4.3/10; see the CVSS Score section above.
Is there a patch for CVE-2021-3986?
Check the references section above for vendor advisories and patch information. Affected products include: Janeczku Calibre-Web.