2021-04-28 20:22:44
mitre
PUBLISHED
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDBs MySQL connector could allow bypassing access controls enforced on key names.