PT-2024-34563 · Firepad · Firepad
Published
2024-12-04
·
Updated
2024-12-05
·
CVE-2024-51210
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Firepad versions 1.5.11 and earlier
Description
The issue allows remote attackers, who have knowledge of a
pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. This behavior is intentional in several similar products for anyone who knows the full document ID and corresponding URL. However, this vulnerability only affects products that are no longer supported by the maintainer.Recommendations
For Firepad versions 1.5.11 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Firepad