A critical authentication bypass vulnerability in Kavita, a cross-platform reading server, allows remote unauthenticated attackers to obtain valid JWT tokens for any user—including administrators—by knowing only the target username. The flaw stems from improper token validation (CWE-287, CWE-345, CWE-697) in versions prior to 0.9.0.2. Successful exploitation grants full administrative access to the affect [truncated]
A library-level authorization bypass in the Kavita reading server allows low-privileged users to access content from libraries they are not assigned to. The vulnerability affects download, size-check, and chapter metadata endpoints where chapterId, volumeId, or seriesId parameters are not properly validated against the user's library permissions. An attacker with valid credentials but limited privileges can enumera [truncated]
Kavita is a cross-platform reading server. Prior to version 0.9.0, the ReaderController.GetImage endpoint was decorated with [AllowAnonymous], permitting completely unauthenticated access to page images from any chapter in any library. Although the endpoint accepts an apiKey parameter, this parameter was never validated. Because entity IDs are sequential integers, an unauthenticated attacker could trivial [truncated]