CVE-2018-19609

Published: Nov 27, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.

Affected (1)

Products: Showdoc: Showdoc

Showdoc

1 product

Showdoc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Showdoc Showdoc	Version 2.4.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.