What is CVE-2021-43802?

CVE-2021-43802 is a critical-severity vulnerability in Ether Etherpad-lite, classified under CWE-790. CVSS score: 9.9/10. Published 2021-12-09.

How severe is CVE-2021-43802?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Vulnerability in Ether Etherpad-lite

CVE-2021-43802

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be u…

EPSS: 0.005 (68.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Ether Etherpad-lite — versions < 1.8.16

Weakness classification (CWE)

References

github.com/ether/etherpad-lite/security/advisories/GHSA-w3g3-qf3g-2mqc (x_refsource_CONFIRM)
github.com/ether/etherpad-lite/issues/5010 (x_refsource_MISC)
github.com/ether/etherpad-lite/compare/b7065eb9a0ec7c3c265f8cfeb2534efe6f036456… (x_refsource_MISC)
github.com/ether/etherpad-lite/releases/tag/1.8.16 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-43802?: CVE-2021-43802 is a critical-severity vulnerability in Ether Etherpad-lite, classified under CWE-790. CVSS score: 9.9/10. Published 2021-12-09.
How severe is CVE-2021-43802?: Critical severity. CVSS v3 base score is 9.9 out of 10.