Kavita
CVE-2023-0919
LOW
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.
AnalysisAI
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. Affected products include: Kavitareader Kavita. Version information: prior to 0.7.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Require authentication for all sensitive operations, implement defense in depth.
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. Rated
Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. Rated medium severity (CVSS 6
Authentication bypass in Kavita reading server versions prior to 0.9.0.2 allows remote unauthenticated attackers to obta
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. Rated
Unauthenticated content enumeration in Kavita reading server (all versions prior to 0.9.0) exposes every page image acro
Kavita reading server versions prior to 0.9.0 expose seven download and metadata API endpoints without enforcing library
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today