CVE-2024-6781
📋 TL;DR
CVE-2024-6781 is a path traversal vulnerability in the Calibre e-book management software that allows unauthenticated attackers to read arbitrary files from the server filesystem. It affects all Calibre installations running version 7.14.0 or earlier. The vulnerability exists in the built-in web server component (the Calibre content server).
💻 Affected Systems
- Calibre
📦 What is this software?
Calibre, the open-source e-book management application published by Calibre Ebook (calibre-ebook.com). Its built-in content server can expose a library over HTTP.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files including configuration files, SSH keys, database credentials, and other confidential data, potentially leading to complete system compromise.
Likely Case
Attackers will read accessible files within the Calibre user's permissions, potentially obtaining personal data, configuration files, or other sensitive information stored on the server.
If Mitigated
With proper network segmentation and access controls, impact is limited to files accessible by the Calibre process user account.
🎯 Exploit Status
The vulnerability is simple to exploit via crafted HTTP requests. Proof-of-concept code is available in the public advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.15.0
Vendor Advisory: https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4
Restart Required: Yes
Instructions:
1. Download Calibre 7.15.0 or later from https://calibre-ebook.com/download.
2. Install the update following the standard procedure for your operating system.
3. Restart the Calibre application and the web server.
🔧 Temporary Workarounds
Disable Calibre Web Server (all platforms)
Temporarily disable the built-in web server until patching can be completed.
In the Calibre GUI: Preferences → Sharing over the net → uncheck 'Enable sharing'.
Or stop the calibre-server process.
Network Access Restriction (all platforms)
Restrict network access to the Calibre web server using firewall rules (port 8080 is the default content server port; adjust if you changed it).
Linux: sudo ufw deny from any to any port 8080
Windows: netsh advfirewall firewall add rule name="Block Calibre" dir=in action=block protocol=TCP localport=8080
🧯 If You Can't Patch
- Disable the Calibre web server completely and use alternative access methods
- Implement strict network segmentation and firewall rules to limit access to the Calibre server
🔍 How to Verify
Check if Vulnerable:
Check the Calibre version via Help → About in the GUI or with the 'calibre --version' command. If the version is 7.14.0 or earlier and the web server is enabled, the system is vulnerable.
Check Version:
calibre --version
Verify Fix Applied:
Verify that the Calibre version is 7.15.0 or later. Re-test with the proof-of-concept from the advisory to confirm that the file read is no longer possible.
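The version check above is easy to get wrong when done as a string comparison ("7.9.0" sorts after "7.15.0" lexically). The following script is an added example, not part of the original advisory or of Calibre itself: it parses the output of calibre --version into a numeric tuple, compares it against the 7.15.0 fix version, and checks whether the content server is actually listening. The "calibre (calibre 7.14.0)" output format and the default port 8080 are assumptions.

```python
import re
import socket
import subprocess

# First release that contains the fix, per the advisory.
FIXED_VERSION = (7, 15, 0)
# Assumed default content-server port (the advisory's firewall rules use 8080).
DEFAULT_SERVER_PORT = 8080


def parse_calibre_version(output):
    """Extract (major, minor, patch) from `calibre --version` output.

    The output format "calibre (calibre 7.14.0)" is an assumption; any dotted
    version number in the string is accepted, and a missing patch level is 0.
    """
    m = re.search(r'(\d+)\.(\d+)(?:\.(\d+))?', output)
    if not m:
        raise ValueError("no version number found in: %r" % output)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(version):
    """Numeric tuple comparison avoids the 7.9 > 7.15 string-ordering trap."""
    return tuple(version) < FIXED_VERSION


def server_listening(host="127.0.0.1", port=DEFAULT_SERVER_PORT, timeout=1.0):
    """True if something accepts TCP connections on the content-server port.

    This only proves a listener exists, not that it is Calibre; it is a cheap
    first check before running the advisory's proof-of-concept.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def assess(binary="calibre", host="127.0.0.1", port=DEFAULT_SERVER_PORT):
    """Combine both checks into a verdict dict (hypothetical helper)."""
    out = subprocess.run([binary, "--version"], capture_output=True,
                         text=True, check=True).stdout
    version = parse_calibre_version(out)
    return {
        "version": version,
        "vulnerable_version": is_vulnerable_version(version),
        "server_listening": server_listening(host, port),
        # Exploitable only when an old version is paired with a reachable server.
        "exposed": is_vulnerable_version(version) and server_listening(host, port),
    }


if __name__ == "__main__":
    print(assess())
```

Run it on the host that runs calibre-server; "exposed": True means both conditions from the advisory hold (old version and an enabled server), which is the case that needs patching or one of the workarounds immediately.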
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in Calibre logs
- HTTP requests with '../' sequences in URL paths
- Access to files outside expected Calibre library directories
Network Indicators:
- HTTP requests containing path traversal sequences (../, ..\) to Calibre web server
- Unusual file downloads from Calibre server
SIEM Query:
source="calibre.log" AND (url="*../*" OR url="*..\*")