Home > Vulnerability Database > WS-2022-0260

Mend.io Vulnerability Database

WS-2022-0260

Good to know:

Date: August 6, 2022

An Insecure Direct Object References (IDOR) vulnerability was found in kareadita/kavita prior to 0.5.4.1. The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account, which may lead to Application Takeover.

Language: C#

Severity Score

9.1

Related Resources (2)

Url: https://www.github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4

Url: https://www.mend.io/vulnerability-database/WS-2022-0260

Severity Score

9.1

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version v0.5.4.1

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0260

Good to know:

Date: August 6, 2022

Language: C#

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?