Bugzilla – Bug 933107
VUL-0: CVE-2015-4085: etherpad: path handling that allowed directory traversal
Last modified: 2016-02-18 17:40:34 UTC
Via oss-sec: http://seclists.org/oss-sec/2015/q2/547
A vulnerability was discovered in Etherpad (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public.
Title: Read-only directory traversal in Etherpad frontend tests
Reporter: Tom Hunkapiller
Versions: 1.2.0 through 1.5.3
Tom Hunkapiller reported a vulnerability in the frontend tests of
previous Etherpad releases, which are enabled by default. Parent
directory references were not correctly sanitized in frontend test
URLs of HTTP API calls, allowing an attacker to remotely read
arbitrary files on the server's filesystem with the privileges of
the account running the service.
This bug was introduced in commit ba4ebbb which was initially
included in the 1.2.0 release, and is fixed in commit 5409eb3 which
appears in the 1.5.4 release.
bugbot adjusting priority
Upgraded all our instances to 1.5.7 a while ago. I guess this fixes the problems mentioned above.