Pad Management Logic Flaw in XWiki Labs CryptPad
CVE-2019-15302

6.5MEDIUM

Key Information:

Vendor: Xwiki
Status: Cryptpad
Vendor: CVE Published:; 11 September 2019

What is CVE-2019-15302?

A flaw in the pad management logic of XWiki Labs CryptPad (prior to version 3.0.0) permits remote attackers, with editing rights to a Rich Text pad, to execute a trivial URL modification. This manipulation leads to potential data loss, severely compromising the integrity of user-generated content.

References

https://github.com/xwiki-labs/cryptpad/commits/staging

x_refsource_MISC

https://github.com/xwiki-labs/cryptpad/releases/tag/3.0.0

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2019
Vulnerability Reserved
Aug 21, 2019

Xwiki

What is CVE-2019-15302?

References

CVSS V3.1

Timeline