First published: Wed Sep 11 2019
The pad management logic in XWiki Labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
XWiki CryptPad | <3.0.0 | |
CVE-2019-15302 is classified as a high-severity vulnerability due to its potential to cause data loss in Rich Text pads.
To mitigate CVE-2019-15302, upgrade to CryptPad version 3.0.0 or later.
An attacker can exploit CVE-2019-15302 by modifying the URL of a Rich Text pad to corrupt it and cause data loss.
CVE-2019-15302 affects all users of XWiki Labs CryptPad versions prior to 3.0.0 who have editing rights.
CVE-2019-15302 allows unauthorized modification of Rich Text pads, which can lead to data corruption.