Vulnerabilities > CVE-2019-20801 - Missing Authorization vulnerability in Readdle Documents

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

readdle

CWE-862

NVD

Published: 2020-05-18

Updated: 2021-07-21

Summary

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests.

Vulnerable Configurations

Part	Description	Count
Application	Readdle Readdle Documents 6.8.7 Readdle Documents 6.8.8 Readdle Documents 6.8.10 Readdle Documents 6.9 Readdle Documents 6.9.1 Readdle Documents 6.9.2 Readdle Documents 6.9.3 Readdle Documents 6.9.4 Readdle Documents 6.9.5 Readdle Documents 6.9.6	10

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References