Lucene search

K
cve[email protected]CVE-2023-2255
HistoryMay 25, 2023 - 8:15 p.m.

CVE-2023-2255

2023-05-2520:15:09
CWE-264
web.nvd.nist.gov
281
cve-2023-2255
the document foundation
libreoffice
access control
external links
security vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

34.2%

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used β€œfloating frames” linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

Affected configurations

NVD
Node
libreofficelibreofficeRange7.4.0–7.4.7
OR
libreofficelibreofficeRange7.5.0–7.5.3
Node
debiandebian_linuxMatch11.0

CNA Affected

[
  {
    "vendor": "The Document Foundation",
    "product": "LibreOffice",
    "versions": [
      {
        "version": "7.4",
        "status": "affected",
        "lessThan": "7.4.7",
        "versionType": "custom"
      },
      {
        "version": "7.5",
        "status": "affected",
        "lessThan": "7.5.3",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

34.2%