Lucene search

K
redhatcveRedhat.comRH:CVE-2023-2255
HistoryMay 26, 2023 - 8:40 p.m.

CVE-2023-2255

2023-05-2620:40:53
redhat.com
access.redhat.com
58
cve-2023-2255
libreoffice
access control
document foundation
external links
floating frames
security vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

34.2%

A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used β€œfloating frames” linked to external files, they would load the contents of those frames without prompting the user for permission. This action was inconsistent with the treatment of other linked content in LibreOffice.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

34.2%