Vulnerability Description
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Etherpad | Etherpad | < 1.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/ether/etherpad-lite/commit/53f126082a8b3d094e48b159f0f0bc8a5dPatchThird Party Advisory
- https://github.com/ether/etherpad-lite/issues/3421ExploitIssue TrackingThird Party Advisory
- https://github.com/ether/etherpad-lite/commit/53f126082a8b3d094e48b159f0f0bc8a5dPatchThird Party Advisory
- https://github.com/ether/etherpad-lite/issues/3421ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2020-22783?
CVE-2020-22783 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
How severe is CVE-2020-22783?
CVE-2020-22783 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-22783?
Check the references section above for vendor advisories and patch information. Affected products include: Etherpad Etherpad.