Lucene search

K

[email protected]NVD:CVE-2022-26306

HistoryJul 25, 2022 - 3:15 p.m.

CVE-2022-26306

2022-07-2515:15:09

CWE-326

CWE-330

[email protected]

web.nvd.nist.gov

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user’s configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

Affected configurations

NVD

Node

libreofficelibreofficeRange7.2.0–7.2.7

OR

libreofficelibreofficeRange7.3.0–7.3.3

Node

debiandebian_linuxMatch10.0

References

www.openwall.com/lists/oss-security/2022/08/13/1

lists.debian.org/debian-lts-announce/2023/03/msg00022.html

www.libreoffice.org/about-us/security/advisories/cve-2022-26306

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

Related for NVD:CVE-2022-26306

debiancve1 cnvd1 ubuntucve1 prion2 cve2 veracode1 redhatcve1 alpinelinux1 cvelist2 nvd1 nessus17 openvas6 osv7 kaspersky1 ubuntu2 almalinux2 redhat2 rocky2 thn1 oraclelinux2 freebsd1 debian1