CVE-2015-2298

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:etherpad:etherpad:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:etherpad:etherpad:1.5.0:d:*:*:*:*:*:*
cpe:2.3:a:etherpad:etherpad:1.5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-01-12 17:29

Updated : 2024-02-04 19:29


NVD link : CVE-2015-2298

Mitre link : CVE-2015-2298

CVE.ORG link : CVE-2015-2298


JSON object : View

Products Affected

etherpad

  • etherpad
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor