Lucene search

[email protected]CVE-2023-30186

HistoryAug 14, 2023 - 1:15 p.m.

CVE-2023-30186

2023-08-1413:15:10

CWE-416

[email protected]

web.nvd.nist.gov

cve-2023-30186

use after free

onlyoffice

documentserver

remote code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

Affected configurations

NVD

Node

onlyofficedocument_serverRange4.0.3–7.3.2

CPENameOperatorVersion
onlyoffice:document_serveronlyoffice document serverle7.3.2

CPE	Name	Operator	Version
onlyoffice:document_server	onlyoffice document server	le	7.3.2

References

onlyoffice.com

gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2

github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/

github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110

github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a

github.com/ONLYOFFICE/DocumentServer

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for CVE-2023-30186

cvelist1 nvd1 osv1 prion1