CVE-2018-19609

Name of the Vulnerable Software and Affected Versions ShowDoc version 2.4.1

Description The issue allows remote attackers to obtain sensitive information by navigating with a modified page id. This can be demonstrated by reading note content or discovering a username in the JSON data at a diff URL.

Recommendations For ShowDoc version 2.4.1, consider restricting access to the diff URL and modifying the page id parameter to prevent unauthorized access to sensitive information. As a temporary workaround, avoid using the page id parameter in the affected API endpoint until the issue is resolved.