Lucene search

K

GoogleOSV:CVE-2023-6186

HistoryDec 11, 2023 - 12:15 p.m.

CVE-2023-6186

2023-12-1112:15:07

Google

osv.dev

9

cve-2023-6186

document foundation

libreoffice

hyperlinks

macro

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.7%

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.

In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

References

lists.debian.org/debian-lts-announce/2023/12/msg00026.html

lists.fedoraproject.org/archives/list/[email protected]/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/

www.debian.org/security/2023/dsa-5574

www.libreoffice.org/about-us/security/advisories/cve-2023-6186

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.7%

Related for OSV:CVE-2023-6186

veracode1 cnvd1 ubuntucve1 debiancve1 cvelist1 nessus27 alpinelinux1 cve1 prion1 nvd1 redhatcve1 oraclelinux3 redhat8 ubuntu2 openvas8 osv10 fedora2 rocky3 almalinux3 gentoo1 kaspersky1 mageia1 debian2 redos1