CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45308 – MySQL & free URL mode allows to hide existing notes in hedgedoc
https://notcve.org/view.php?id=CVE-2024-45308
HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note with an arbitrary alias, e.g. by accessing it in the browser. When MySQL or MariaDB are used, it is possible to create a new note with an alias that matches the lower-cased ID of a different note. • https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pjf2-269h-cx7p https://github.com/hedgedoc/hedgedoc/commit/380587b7fd65bc1eb71eef51a3aab324f9877650 • CWE-1289: Improper Validation of Unsafe Equivalence in Input •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38487 – HedgeDoc API allows to hide existing notes
https://notcve.org/view.php?id=CVE-2023-38487
HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. • https://github.com/hedgedoc/hedgedoc/pull/4476/commits/781263ab84255885e1fe60c7e92e2f8d611664d2 https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-7494-7hcf-vxpg • CWE-289: Authentication Bypass by Alternate Name •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24837 – Enumerable upload file names in hedgedoc
https://notcve.org/view.php?id=CVE-2022-24837
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads. • https://github.com/hedgedoc/hedgedoc/commit/9e2f9e21e904c4a319e84265da7ef03b0a8e343a https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-q6vv-2q26-j7rx https://github.com/node-formidable/formidable/issues/808 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-434: Unrestricted Upload of File with Dangerous Type •