Lucene search

[email protected]CVE-2023-48314

HistoryDec 01, 2023 - 10:15 p.m.

CVE-2023-48314

2023-12-0122:15:10

CWE-79

[email protected]

web.nvd.nist.gov

collabora online

nextcloud

cve-2023-48314

vulnerability

fix

nvd

security

update

upgrade

richdocumentscode.

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected configurations

Vulners

NVD

Node

collaboraonlineonlineRange<23.5.403

CPENameOperatorVersion
collaboraoffice:collabora_onlinecollaboraoffice collabora onlinelt23.5.403

CPE	Name	Operator	Version
collaboraoffice:collabora_online	collaboraoffice collabora online	lt	23.5.403

CNA Affected

[
  {
    "vendor": "CollaboraOnline",
    "product": "online",
    "versions": [
      {
        "version": "< 23.5.403",
        "status": "affected"
      }
    ]
  }
]

References

github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2