Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-29475: Disable PDF export due to security issue · hedgedoc/hedgedoc@c178947

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability to modify a note. This will affect all instances, which have pdf export enabled. This issue has been fixed by https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6d668d616464cb2da5e90e123f65 and is available in version 1.5.0. Starting the CodiMD/HedgeDoc instance with CMD_ALLOW_PDF_EXPORT=false or set "allowPDFExport": false in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn’t actually render the file:/// references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD/HedgeDoc config.json file as well any other files on the filesystem. Even though the suggested Docker deploy option doesn’t have many interesting files itself, the config.json still often contains sensitive information, database credentials, and maybe OAuth secrets among other things.

CVE
#js#git#java#pdf#oauth#auth#docker

Permalink

Browse files

Disable PDF export due to security issue

As a temporary fix, to keep you and your users save, this patch disables the PDF export feature. Details of the attack along with a fix for future versions of CodiMD will be released in future.

I hope you can live with this solution for this release because I’m super short on time and the alternative would be to ship no fix at all. This appears to be the better solution for this release.

Signed-off-by: Sheogorath [email protected]

  • Loading branch information

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907