PT-2021-10791 · Unknown · Etherpad Ueberdb

Published: 2021-04-28 · Updated: 2022-07-12 · CVE-2020-22784

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Etherpad UeberDB versions prior to 0.4.4

Description

The issue allows bypassing access controls enforced on key names when retrieving database records using UeberDB's MySQL connector. The cause is that MySQL ignores trailing spaces when comparing values in CHAR / VARCHAR columns, so a key name that differs from a stored key only by trailing spaces still matches that record.

Recommendations

For versions prior to 0.4.4, update to version 0.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive key names to minimize the risk of exploitation.
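
The mismatch described above, modelled in JavaScript as an added example (it is not UeberDB's code or its actual fix). `mysqlEquals`, the sample rows, the restricted-key list and both lookup functions are hypothetical, and the database is simulated in memory.

```javascript
// Added illustration, not UeberDB code. Every name below is hypothetical and
// the "database" is an in-memory model of the behaviour the advisory describes.

// MySQL "=" on CHAR/VARCHAR values: trailing spaces are ignored.
const stripTrailingSpaces = (s) => s.replace(/ +$/, '');
function mysqlEquals(a, b) {
  return stripTrailingSpaces(a) === stripTrailingSpaces(b);
}

// Constructed sample rows (key -> value).
const rows = [
  ['restricted:settings', 'internal value'],
  ['public:motd', 'hello'],
];

// Models: SELECT value FROM store WHERE `key` = ?
function dbGet(key) {
  const hit = rows.find(([k]) => mysqlEquals(k, key));
  return hit ? hit[1] : null;
}

const RESTRICTED_KEYS = new Set(['restricted:settings']);

// Weak: the check compares exact strings, the database does not.
function naiveGet(key) {
  if (RESTRICTED_KEYS.has(key)) throw new Error('access denied');
  return dbGet(key);
}

// Hardened: refuse any key the database would treat as an alias of another
// key, so the check and the query always agree on which record is meant.
function strictGet(key) {
  if (typeof key !== 'string' || key !== stripTrailingSpaces(key)) {
    throw new Error('invalid key name');
  }
  if (RESTRICTED_KEYS.has(key)) throw new Error('access denied');
  return dbGet(key);
}

// Returns the value, or 'rejected: <reason>' when the getter throws.
function outcome(getter, key) {
  try { return getter(key); } catch (e) { return `rejected: ${e.message}`; }
}

const probe = 'restricted:settings ';   // constructed input, one trailing space
console.log('naive :', outcome(naiveGet, probe));
console.log('strict:', outcome(strictGet, probe));
```

The strict variant is one way to keep an application-level check consistent with the database comparison; the remediation the advisory gives remains updating to 0.4.4 or later.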

Related Identifiers

CVE-2020-22784

Affected Products

Etherpad Ueberdb