Lucene search

MitreCVE-2020-22785

HistoryApr 28, 2021 - 9:15 p.m.

CVE-2020-22785

2021-04-2821:15:08

CWE-770

mitre

web.nvd.nist.gov

etherpad

cve-2020-22785

security vulnerability

denial of service

nvd

missing lock check

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.6%

JSON

Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.

Affected configurations

Nvd

Node

etherpadetherpadRange<1.8.3

VendorProductVersionCPE
etherpadetherpad*cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
etherpad	etherpad	*	cpe:2.3:a:etherpad:etherpad::::::::

References

github.com/ether/etherpad-lite/pull/3833

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.6%

JSON

Related for CVE-2020-22785