Improper Resource Shutdown or Release
CVE-2019-15302
Summary
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.
References
Advisory Timeline
- Published