Lucene search

GoogleOSV:USN-6023-1

HistoryApr 17, 2023 - 10:24 a.m.

libreoffice vulnerability

2023-04-1710:24:05

Google

osv.dev

libreoffice

vulnerability

java

class path

arbitrary code

execution

software

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.8%

JSON

It was discovered that LibreOffice may be configured to add an
empty entry to the Java class path. This may lead to run arbitrary
Java code from the current directory.

References

ubuntu.com/security/CVE-2022-38745

ubuntu.com/security/notices/USN-6023-1

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for OSV:USN-6023-1