CVE-2015-2298

Published: Jan 12, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.

Affected (3)

Products: Etherpad: Etherpad

Etherpad

1 product

Etherpad

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Etherpad Etherpad	Version 1.5.0
Etherpad Etherpad	Version 1.5.0 d
Etherpad Etherpad	Version 1.5.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.openwall.com/lists/oss-security/2015/03/15/3

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d

Source: cve@mitre.org

Patch

https://github.com/ether/etherpad-lite/releases/tag/1.5.2

Source: cve@mitre.org

PatchRelease Notes

http://www.openwall.com/lists/oss-security/2015/03/15/3

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMailing ListThird Party Advisory

https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/ether/etherpad-lite/releases/tag/1.5.2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease Notes

Timeline

No history available yet.