CNNVD-202506-2556 Information
CNNVD ID
CNNVD-202506-2556
Related CVE
- CNNVD Published: 2025-06-18
Description (Chinese)
CryptPad是CryptPad开源的一个协作办公套件。 CryptPad 2025.3.0之前版本存在访问控制错误漏洞,该漏洞源于2FA实施不足,可能导致身份验证绕过。
Description (English)
CryptPad is a collaborative office suite for CryptPad open source. There was an access control error gap in the pre-CryptPad 2025.3.0 version, which stemmed from the inadequate implementation of the 2FA, which could lead to a circumvention of authentication.
Hazard Level
Medium
Vulnerability Type
访问控制错误
Affected Vendor
Cryptshare Ag
Published
2025-06-18
Last Modified
2026-02-24
References
https://github.com/cryptpad/cryptpad/blob/15c81aa8ccb737a9a1167481f4a699af331364bb/lib/ https://github.com/cryptpad/cryptpad/commit/0c5d4bbf5e5206d53470ea86a664fa2b703fb611 https://github.com/cryptpad/cryptpad/commit/f624f9d457d36040f57c7598d98a8b9461b79837 https://github.com/cryptpad/cryptpad/security/advisories/GHSA-xq5x-wgcm-3p33
Patch
https://github.com/cryptpad/cryptpad/releases
Share on: