Published: 08/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote malicious users to bypass intended access restrictions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
etherpad etherpad

Resources related to GitHub Security Lab

GitHub Security Lab This is the main git repository of GitHub Security Lab We use it for these main purposes: We share with our community some best practices about security research and vulnerability disclosures in our docs We use issues on this repo to track CodeQL bounty requests We use it for publishing some of our proof-of-concept exploits (after the vulnerability has be

CWE-20 https://github.com/ether/etherpad-lite/releases/tag/1.6.3 https://github.com/ether/etherpad-lite/commit/626e58cc5af1db3691b41fca7b06c28ea43141b1 https://nvd.nist.gov https://github.com/github/securitylab

CVE-2018-6835

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect