HIGH🇬🇧 English

CVE-2023-49788

CVSS 7.2v3.1pub. 2023-12-08upd. 2024-11-21

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
  • Collaboraoffice Richdocumentscode

    APP
    Collaboraoffice
    < 23.5.602
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2023-49782HIGH7.1ten sam produkt

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-48314HIGH7.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-34088HIGH8.7ten sam vendor

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was...

CVE-2021-25630HIGH7.8ten sam vendor

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Befo...

CVE-2024-29182MEDIUM6.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vu...