Papermark Directory Traversal Vulnerability Allowing Arbitrary File Retrieval from S3 via CloudFront

Vulnerability

A directory traversal vulnerability exists in Papermark versions through 0.20.0, allowing authenticated attackers to access arbitrary files from an S3 bucket. This is achieved through the CloudFront distribution using the 'POST /api/file/s3/get-presigned-get-url-proxy' API.

Impact

Exploitation of this vulnerability allows access to files outside of the intended directory for the user's team.

Added: Sep 22, 2025, 4:38 PM

Updated: Sep 23, 2025, 12:24 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Papermark Directory Traversal Vulnerability Allowing Arbitrary File Retrieval from S3 via CloudFront

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating