CVE-2022-39018: Pdftron: add security layer to avoid the lack of authorisation check on rendered images from pdftron
DESCRIPTION
Pdftron doesn’t provide any native mechanism to ensure that rendered documents cannot be opened by someone else than the user supposed to access the rendered document.
We had to implement our own additional layer of security to check for the current user session and determine if the URLs can be opened or not.
Risk level: High
Fix: Upgrade to version 3.3.11.3 or later.
AFFECTED PRODUCTS
Hubshare
MORE INFORMATION
N/A
ACKNOWLEDGEMENT
We thank Michael Newton <mnewton@themissinglink.com.au> for responsible disclosure.
Date issued: 2022-08
LINKS