Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-32744
HistoryJul 21, 2021 - 4:15 p.m.

CVE-2021-32744

2021-07-2116:15:08
CWE-639
[email protected]
web.nvd.nist.gov
17
4
collabora online
cve-2021-32744
security vulnerability
unauthenticated access
file editor
idor
patch
update required

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.8%

JSON

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential “IDOR” - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases.

Affected configurations

Vulners
NVD
Node
collaboraonlineonlineRange<4.2.17-1
OR
collaboraonlineonlineRange6.4.06.4.9-5

CNA Affected

[
  {
    "product": "online",
    "vendor": "CollaboraOnline",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.2.17-1"
      },
      {
        "status": "affected",
        "version": ">= 6.4.0, < 6.4.9-5"
      }
    ]
  }
]

Social References

More

Related

prion 1
openvas 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2021-07-21 16:15:00
openvas
openvas
Collabora CODE / Collabora Online < 4.2.17-2 / 5.x < 6.4.9-6 Authorization Bypass Vulnerability
2021-12-09 00:00:00
cvelist
cvelist
CVE-2021-32744 Unauthenticated attacker could gain access to currently open files
2021-07-21 16:00:11
nvd
nvd
CVE-2021-32744
2021-07-21 16:15:08

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.8%

JSON
Related for CVE-2021-32744
prion1openvas1cvelist1nvd1