Lucene search

K
nvd[email protected]NVD:CVE-2023-6186
HistoryDec 11, 2023 - 12:15 p.m.

CVE-2023-6186

2023-12-1112:15:07
CWE-281
web.nvd.nist.gov
10
insufficient permission validation
libreoffice
built-in macros
hyperlinks
security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.7%

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.

In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

Affected configurations

Nvd
Node
libreofficelibreofficeRange7.5.07.5.9
OR
libreofficelibreofficeRange7.6.07.6.4
Node
fedoraprojectfedoraMatch38
Node
debiandebian_linuxMatch11.0
OR
debiandebian_linuxMatch12.0
VendorProductVersionCPE
libreofficelibreoffice*cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
debiandebian_linux12.0cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.7%