Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (SIBLING_CONTAINERS_ENABLED
in Toolkit, SANDBOXED_COMPILES
in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the sharelatex
container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set SIBLING_CONTAINERS_ENABLED=true
by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set SIBLING_CONTAINERS_ENABLED=true
in config/overleaf.rc
as a mitigation. In legacy docker-compose/custom deployments SANDBOXED_COMPILES=true
should be used.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Overleaf | Overleaf | * | 2024-07-17 (excluding) |
Overleaf | Overleaf | * | 2024-08-28 (excluding) |
Access control involves the use of several protection mechanisms such as:
When any mechanism is not applied or otherwise fails, attackers can compromise the security of the product by gaining privileges, reading sensitive information, executing commands, evading detection, etc. There are two distinct behaviors that can introduce access control weaknesses: