2 matches found
CVE-2022-24837
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
CVE-2022-24837
The CVE-2022-24837 entry corresponds to HedgeDoc: images uploaded since v1.9.1 generate enumerable filenames, enabling potential information leakage from private notes across all upload backends (except Lutim/imgur). The underlying issue is a predictable filename generation mechanism, which has b...