Lucene search

K
redhatcveRedhat.comRH:CVE-2023-6186
HistoryDec 11, 2023 - 1:58 p.m.

CVE-2023-6186

2023-12-1113:58:22
redhat.com
access.redhat.com
37
cve-2023-6186
insufficient permission validation
libreoffice
hyperlinks
built-in macros
security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

31.7%

An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

31.7%