CVE-2023-52332 | Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability
Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the serveMathJaxLibraries method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22532.
Conclusion & alert: CVE-2023-52332 is rated Moderate Risk (56.8/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.99%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2023-52332
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).