| शीर्षक | Janeczku Calibre-web V0.6.7-V0.6.26 IDOR in auth-token generation leading to account takeover / user |
|---|
| विवरण | An Insecure Direct Object Reference (IDOR) vulnerability in janeczku/calibre-web allows an authenticated user to impersonate any other user on the platform. The endpoint /kobo_auth/generate_auth_token/<int:user_id> does not validate if the requester has administrative privileges or matches the targeted user_id. An attacker can generate a long-lived auth token for a victim and use it against the /kobo/<auth_token>/v1/initialization route. user_id is an integer that increments from 1, so it is easy to guess the administrator's user_id. Because the application calls login_user(user) based on the token owner within the requires_kobo_auth decorator, this leads to a complete session takeover and persistent impersonation of the victim. |
|---|
| स्रोत | ⚠️ https://drive.google.com/drive/folders/1rosrcfxcHrQM7_GOiBwzY_GnCfXoFuVR?usp=drive_link |
|---|
| उपयोगकर्ता | JasperX (UID 97281) |
|---|
| सबमिशन | 15/04/2026 06:03 PM (2 महीनों पहले) |
|---|
| संयम | 03/05/2026 09:35 AM (18 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360885 [janeczku Calibre-Web तक 0.6.26 Endpoint cps/kobo_auth.py generate_auth_token user_id अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|