Lucene search
HistoryMar 04, 2015 - 2:59 a.m.
CVE-2015-0933
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
52.9%
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
Affected configurations
Node
sharelatexsharelatexRange≤0.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sharelatex | sharelatex | * | cpe:2.3:a:sharelatex:sharelatex:*:*:*:*:*:*:*:* |
References
Related
cve
cve
CVE-2015-0933
2015-03-04 02:59:02
prion
prion
Path traversal
2015-03-04 02:59:00
cvelist
cvelist
CVE-2015-0933
2015-03-04 02:00:00
cert
cert
ShareLaTeX vulnerable to remote command execution and information disclosure
2015-03-03 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
52.9%
Related for NVD:CVE-2015-0933