Via oss-sec: http://seclists.org/oss-sec/2015/q2/547

A vulnerability was discovered in Etherpad (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public.

Title: Read-only directory traversal in Etherpad frontend tests
Reporter: Tom Hunkapiller
Versions: 1.2.0 through 1.5.3

Description:
Tom Hunkapiller reported a vulnerability in the frontend tests of
previous Etherpad releases, which are enabled by default. Parent
directory references were not correctly sanitized in frontend test
URLs of HTTP API calls, allowing an attacker to remotely read
arbitrary files on the server's filesystem with the privileges of
the account running the service.

Notes:
This bug was introduced in commit ba4ebbb which was initially
included in the 1.2.0 release, and is fixed in commit 5409eb3 which
appears in the 1.5.4 release.

References:
https://github.com/ether/etherpad-lite/commit/5409eb314c4e072b9760b8d30b985fa0bb96a006





References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4085
http://seclists.org/oss-sec/2015/q2/547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4085
http://openwall.com/lists/oss-security/2015/04/11/10