ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
References
Link | Resource |
---|---|
https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-27T16:00:00
Updated: 2018-11-27T16:57:01
Reserved: 2018-11-27T00:00:00
Link: CVE-2018-19609
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-27T16:29:01.363
Modified: 2018-12-21T19:12:35.607
Link: CVE-2018-19609
JSON object: View
Redhat Information
No data.
CWE