CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45308 – MySQL & free URL mode allows to hide existing notes in hedgedoc
https://notcve.org/view.php?id=CVE-2024-45308
HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note with an arbitrary alias, e.g. by accessing it in the browser. When MySQL or MariaDB are used, it is possible to create a new note with an alias that matches the lower-cased ID of a different note. • https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pjf2-269h-cx7p https://github.com/hedgedoc/hedgedoc/commit/380587b7fd65bc1eb71eef51a3aab324f9877650 • CWE-1289: Improper Validation of Unsafe Equivalence in Input •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38487 – HedgeDoc API allows to hide existing notes
https://notcve.org/view.php?id=CVE-2023-38487
HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. • https://github.com/hedgedoc/hedgedoc/pull/4476/commits/781263ab84255885e1fe60c7e92e2f8d611664d2 https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-7494-7hcf-vxpg • CWE-289: Authentication Bypass by Alternate Name •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39175 – XSS vector in slide mode speaker-view
https://notcve.org/view.php?id=CVE-2021-39175
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading. HedgeDoc es una plataforma para escribir y compartir markdown. • https://github.com/hedgedoc/hedgedoc/pull/1369 https://github.com/hedgedoc/hedgedoc/pull/1375 https://github.com/hedgedoc/hedgedoc/pull/1513 https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-346: Origin Validation Error •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29503 – Improper Neutralization of Script-Related HTML Tags in Notes
https://notcve.org/view.php?id=CVE-2021-29503
HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend rendering the script tag as part of the `<head>` section. Unless your instance prevents guests from editing notes, this vulnerability allows unauthenticated attackers to inject JavaScript into notes that allow guest edits. If your instance prevents guests from editing notes, this vulnerability allows authenticated attackers to inject JavaScript into any note pages they have write-access to. • https://github.com/hedgedoc/hedgedoc/commit/01dad5821ee28377ebe640c6c72c3e0bb0d51ea7 https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.2 https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-29474 – Relative Path Traversal Attack on note creation
https://notcve.org/view.php?id=CVE-2021-29474
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. • https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-p528-555r-pf87 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •