Bypassing Access Controls in Etherpad UeberDB MySQL Connector

Bypassing Access Controls in Etherpad UeberDB MySQL Connector

CVE-2020-22784 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.