CVE-2018-19620: Showdoc Unauthenticated Access
ShowDoc 2.4.1 allows remote attackers to edit other users’ notes by navigating with a modified page_id.
References
- github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl
- github.com/advisories/GHSA-pfrc-5hhq-6hvr
- github.com/star7th/showdoc
- github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c
- github.com/star7th/showdoc/commits/v2.4.2
- github.com/star7th/showdoc/issues/397
- nvd.nist.gov/vuln/detail/CVE-2018-19620