Lucene search
CertccCVE-2015-0933HistoryMar 04, 2015 - 2:59 a.m.
CVE-2015-0933
2015-03-0402:59:02
CWE-22
certcc
web.nvd.nist.gov
38
cve-2015-0933
sharelatex
path traversal
vulnerability
remote authenticated users
arbitrary files
include command
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
52.9%
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
Affected configurations
Node
sharelatexsharelatexRange≤0.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sharelatex | sharelatex | * | cpe:2.3:a:sharelatex:sharelatex:*:*:*:*:*:*:*:* |
References
Related
prion
prion
Path traversal
2015-03-04 02:59:00
cvelist
cvelist
CVE-2015-0933
2015-03-04 02:00:00
nvd
nvd
CVE-2015-0933
2015-03-04 02:59:02
cert
cert
ShareLaTeX vulnerable to remote command execution and information disclosure
2015-03-03 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
52.9%
Related for CVE-2015-0933