PT-2015-4981 · Sharelatex · Sharelatex

Tobias Fiebig · Published 2015-03-04 · Updated 2015-03-04 · CVE-2015-0933

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
ShareLaTeX versions 0.1.3 and earlier

Description
The issue allows remote authenticated users to read arbitrary files via a \include command due to an absolute path traversal vulnerability when the paranoid openin_any setting is omitted.

Recommendations
For ShareLaTeX versions 0.1.3 and earlier, consider adding the paranoid openin_any setting to prevent absolute path traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
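
One way to check for the recommended setting, as an added example that is not part of the advisory or of ShareLaTeX: the script parses the text of a texmf.cnf file (the kpathsea configuration file where openin_any is set) and reports whether the effective value is paranoid. The function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed texmf.cnf samples for illustration, not from a real install.
OMITTED = "% constructed sample\nshell_escape = f\nopenout_any = p\n"
PERMISSIVE = "openin_any = a\n"
PARANOID = "openin_any = p  % paranoid\nopenin_any = a\n"
PER_PROGRAM = "openin_any = p\nopenin_any.pdflatex = a\n"

# Entry syntax: name[.progname] [=] value
_ENTRY = re.compile(r"^\s*(\w+)(?:\.([\w-]+))?(?:\s*=\s*|\s+)(\S+)")
# '%' at line start or after whitespace begins a comment.
_COMMENT = re.compile(r"(^|\s)%.*$")


def effective_openin_any(cnf_text, progname=None):
    """Return the openin_any value kpathsea would use from this text, or None.

    Within a file the first definition wins, and a definition qualified
    with the running program's name takes precedence over the generic one.
    """
    generic = specific = None
    for raw in cnf_text.splitlines():
        match = _ENTRY.match(_COMMENT.sub("", raw))
        if not match or match.group(1) != "openin_any":
            continue
        _, prog, value = match.groups()
        if prog is None:
            generic = generic or value
        elif prog == progname:
            specific = specific or value
    return specific or generic


def audit(cnf_text, progname="pdflatex"):
    """Return (ok, value); ok is True only for the paranoid setting."""
    value = effective_openin_any(cnf_text, progname)
    # Omitted counts as a failure: input opens are then unrestricted.
    return (value is not None and value.lower().startswith("p"), value)


if __name__ == "__main__":
    for label, text in [("omitted", OMITTED), ("permissive", PERMISSIVE),
                        ("paranoid", PARANOID), ("per-program", PER_PROGRAM)]:
        ok, value = audit(text)
        print(f"{label:12} openin_any={value!r:6} {'OK' if ok else 'FAIL'}")
```

This inspects a single file's text only. On a live TeX installation, `kpsewhich -var-value=openin_any` reports the value resolved across every texmf.cnf on the search path.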

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2015-0933

Affected Products

Sharelatex