CVE-2022-39018: Pdftron: add security layer to avoid the lack of authorisation check on rendered images from pdftron

DESCRIPTION:

Pdftron doesn't provide any native mechanism to ensure that rendered documents cannot be opened by someone else than the user supposed to access the rendered document.
We had to implement our own additional layer of security to check for the current user session and determine if the URLs can be opened or not.

Risk level: High

Fix: Upgrade to version 3.3.11.3 or later.

AFFECTED PRODUCTS:

* Hubshare

MORE INFORMATION:

N/A

ACKNOWLEDGEMENT

We thank Michael Newton <[email protected]> for responsible disclosure.

Date issued: 2022-08

LINKS

https://www.cve.org/CVERecord?id=CVE-2022-39018