Vulnerabilites related to overleaf - overleaf
Vulnerability from fkie_nvd
Published
2024-09-02 18:15
Modified
2024-09-25 18:12
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:overleaf:overleaf:*:*:*:*:server_pro:*:*:*",
"matchCriteriaId": "7BA23C74-E8C9-43B5-9E55-046E979CDDCF",
"versionEndExcluding": "2024-07-17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:overleaf:overleaf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5B5EB4-01F3-4BA0-8D47-C640655B642D",
"versionEndExcluding": "2024-08-28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used."
},
{
"lang": "es",
"value": "Overleaf es un editor colaborativo de LaTeX basado en la web. Al instalar Server Pro utilizando el kit de herramientas de Overleaf anterior al 17 de julio de 2024 o el archivo docker-compose.yml anterior al 28 de agosto de 2024, la configuraci\u00f3n para las compilaciones de LaTeX era insegura de forma predeterminada, lo que requer\u00eda que el administrador habilitara las funciones de seguridad a trav\u00e9s de una opci\u00f3n de configuraci\u00f3n (`SIBLING_CONTAINERS_ENABLED` en el kit de herramientas, `SANDBOXED_COMPILES` en las implementaciones tradicionales de docker-compose/custom). Si estas funciones de seguridad no est\u00e1n habilitadas, los usuarios tienen acceso a los recursos del contenedor `sharelatex` (sistema de archivos, red, variables de entorno) al ejecutar compilaciones, lo que genera m\u00faltiples vulnerabilidades de acceso a archivos, ya sea directamente o a trav\u00e9s de enlaces simb\u00f3licos creados durante las compilaciones. La configuraci\u00f3n ahora se ha cambiado para que sea segura de forma predeterminada para las nuevas instalaciones en el kit de herramientas y la implementaci\u00f3n tradicional de docker-compose. Se actualiz\u00f3 el kit de herramientas de Overleaf para configurar `SIBLING_CONTAINERS_ENABLED=true` de manera predeterminada para las nuevas instalaciones. Se recomienda que todas las instalaciones existentes que utilicen la configuraci\u00f3n predeterminada anterior migren al uso de contenedores hermanos. Las instalaciones existentes pueden configurar `SIBLING_CONTAINERS_ENABLED=true` en `config/overleaf.rc` como mitigaci\u00f3n. En las implementaciones docker-compose/custom heredadas, se debe utilizar `SANDBOXED_COMPILES=true`."
}
],
"id": "CVE-2024-45313",
"lastModified": "2024-09-25T18:12:53.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-02T18:15:37.850",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-02 18:15
Modified
2024-09-25 18:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall will prevent access to the vulnerable spell check feature. However, upgrading is advised.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:overleaf:overleaf:*:*:*:*:community:*:*:*",
"matchCriteriaId": "53769305-4F7A-4CE9-888D-3B63225071E4",
"versionEndExcluding": "4.2.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:overleaf:overleaf:*:*:server_pro:*:*:*:*:*",
"matchCriteriaId": "3161C33E-60FA-4D07-ACCD-BA1F3EC40F32",
"versionEndExcluding": "4.2.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:overleaf:overleaf:*:*:*:*:community:*:*:*",
"matchCriteriaId": "D0820A44-0780-4743-8231-9F67BECBD4B1",
"versionEndExcluding": "5.0.7",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:overleaf:overleaf:*:*:server_pro:*:*:*:*:*",
"matchCriteriaId": "4E8DD198-F376-43FC-97BE-582922C38AE6",
"versionEndExcluding": "5.0.7",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall will prevent access to the vulnerable spell check feature. However, upgrading is advised."
},
{
"lang": "es",
"value": "Overleaf es un editor colaborativo de LaTeX basado en la web. Overleaf Community Edition y Server Pro anteriores a la versi\u00f3n 5.0.7 (o 4.2.7 para la serie 4.x) contienen una vulnerabilidad que permite que un par\u00e1metro de idioma arbitrario en las solicitudes de ortograf\u00eda del cliente se pase al ejecutable `aspell` que se ejecuta en el servidor. Esto hace que `aspell` intente cargar un archivo de diccionario con un nombre de archivo arbitrario. El acceso al archivo est\u00e1 limitado al \u00e1mbito del servidor de Overleaf. El problema se solucion\u00f3 en las versiones 5.0.7 y 4.2.7. Las versiones anteriores se pueden actualizar utilizando el comando `bin/upgrade` del kit de herramientas de Overleaf. Los usuarios que no puedan actualizar pueden bloquear las solicitudes POST a `/spelling/check` a trav\u00e9s de un firewall de aplicaciones web que impedir\u00e1 el acceso a la funci\u00f3n de revisi\u00f3n ortogr\u00e1fica vulnerable. Sin embargo, se recomienda realizar la actualizaci\u00f3n."
}
],
"id": "CVE-2024-45312",
"lastModified": "2024-09-25T18:37:23.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-02T18:15:37.580",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/overleaf/overleaf/commit/b5e5d39c3ad4e7763d42b837738955f8ded4dcd3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/overleaf/overleaf/security/advisories/GHSA-pxm4-p454-vppg"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/overleaf/toolkit"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-641"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-45312 (GCVE-0-2024-45312)
Vulnerability from cvelistv5
Published
2024-09-02 16:50
Modified
2024-09-03 14:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall will prevent access to the vulnerable spell check feature. However, upgrading is advised.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:overleaf:overleaf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "overleaf",
"vendor": "overleaf",
"versions": [
{
"lessThan": "4.2.7",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.7",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:41:31.680033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:04:59.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "overleaf",
"vendor": "overleaf",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.2.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall will prevent access to the vulnerable spell check feature. However, upgrading is advised."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-641",
"description": "CWE-641: Improper Restriction of Names for Files and Other Resources",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-02T16:50:08.305Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/overleaf/overleaf/security/advisories/GHSA-pxm4-p454-vppg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/overleaf/overleaf/security/advisories/GHSA-pxm4-p454-vppg"
},
{
"name": "https://github.com/overleaf/overleaf/commit/b5e5d39c3ad4e7763d42b837738955f8ded4dcd3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/overleaf/commit/b5e5d39c3ad4e7763d42b837738955f8ded4dcd3"
},
{
"name": "https://github.com/overleaf/toolkit",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/toolkit"
}
],
"source": {
"advisory": "GHSA-pxm4-p454-vppg",
"discovery": "UNKNOWN"
},
"title": "Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45312",
"datePublished": "2024-09-02T16:50:08.305Z",
"dateReserved": "2024-08-26T18:25:35.444Z",
"dateUpdated": "2024-09-03T14:04:59.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45313 (GCVE-0-2024-45313)
Vulnerability from cvelistv5
Published
2024-09-02 16:54
Modified
2024-09-03 14:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:41:03.949634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:03:22.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "overleaf",
"vendor": "overleaf",
"versions": [
{
"status": "affected",
"version": "Docker-Compose: \u003c 2024-08-28"
},
{
"status": "affected",
"version": "Toolkit: \u003c 2024-07-17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-02T16:54:19.915Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4"
},
{
"name": "https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff"
},
{
"name": "https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles"
},
{
"name": "https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers"
}
],
"source": {
"advisory": "GHSA-m95q-g8qg-wgj4",
"discovery": "UNKNOWN"
},
"title": "Insecure default setting for Server Pro installed via Overleaf toolkit"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45313",
"datePublished": "2024-09-02T16:54:19.915Z",
"dateReserved": "2024-08-26T18:25:35.444Z",
"dateUpdated": "2024-09-03T14:03:22.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}