6.5
CVE-2019-15302
- EPSS 1.36%
- Veröffentlicht 11.09.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 04:28:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.36% | 0.681 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:P
|
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
https://github.com/xwiki-labs/cryptpad/commits/staging
https://github.com/xwiki-labs/cryptpad/releases/tag/3.0.0