Skip to main content

Improper Resource Shutdown or Release

CVE-2019-15302

Severity Medium
Score 5.5/10

Summary

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.

  • LOW
  • NETWORK
  • SINGLE
  • PARTIAL
  • NONE
  • PARTIAL

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory Timeline

  • Published