Information Disclosure

2019-01-1509:17:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

libreoffice is vulnerable to information disclosure attacks. The vulnerability exists by exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user’s filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

CPENameOperatorVersion
libreofficeeq4.0.4.2__14.el6
libreofficeeq4.2.8.2__11.el6
libreofficeeq3.4.5.2__16.1.el6_3
libreofficeeq3.4.5.2__16.el6
libreofficeeq4.2.8.2__11.el6_7.1
libreofficeeq4.0.4.2__9.el6

Name	Operator	Version
libreoffice	eq	4.0.4.2__14.el6
libreoffice	eq	4.2.8.2__11.el6
libreoffice	eq	3.4.5.2__16.1.el6_3
libreoffice	eq	3.4.5.2__16.el6
libreoffice	eq	4.2.8.2__11.el6_7.1
libreoffice	eq	4.0.4.2__9.el6