Cryptpad
Monthly
CryptPad versions prior to 2025.3.0 contain a critical authentication bypass vulnerability that allows attackers to circumvent Two-Factor Authentication (2FA) enforcement through a trivial path parameter manipulation. An attacker who obtains valid user credentials can bypass 2FA protection by URL-encoding a single character in the access path, gaining full account access without the second authentication factor. The vulnerability has a CVSS score of 9.1 (Critical) and requires no special privileges or user interaction to exploit.
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0.
CryptPad versions prior to 2025.3.0 contain a critical authentication bypass vulnerability that allows attackers to circumvent Two-Factor Authentication (2FA) enforcement through a trivial path parameter manipulation. An attacker who obtains valid user credentials can bypass 2FA protection by URL-encoding a single character in the access path, gaining full account access without the second authentication factor. The vulnerability has a CVSS score of 9.1 (Critical) and requires no special privileges or user interaction to exploit.
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0.