Main Vulnerability Database Vulnerabilities #VU31331

#VU31331 Information disclosure in Etherpad - CVE-2018-9325

Published: April 7, 2018 / Updated: July 17, 2020

Vulnerability identifier: #VU31331

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-9325

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Etherpad

Software vendor:
The Etherpad Foundation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.

Install update from vendor's website.