CVE-2023-28459

CVSS V2 None CVSS V3 None

Description

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.

Overview

CVE ID
CVE-2023-28459

Assigner
cve@mitre.org

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-20T21:15:08

Last Modified Date
2023-04-21T01:45:50

References

Reference URL	Reference Tags
https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890
https://github.com/pretalx/pretalx/releases/tag/v2.3.2
https://pretalx.com/p/news/security-release-232/
https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-28459
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28459

History

Created	Old Value	New Value	Data Type	Notes
2023-04-20 22:00:52				Added to TrackCVE
2023-04-21 02:01:19		2023-04-21T01:45:50	CVE Modified Date	updated
2023-04-21 02:01:19	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-27 13:01:13	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated