Authorization Bypass

2023-08-0701:27:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libreoffice

authorization bypass

improper access control

external links

floating frames

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

34.2%

JSON

libreoffice is vulnerable to Authorization Bypasses. Improper access control in editor components allows an attacker to craft a document that would cause external links to be loaded without prompt. The documents that uses floating frames linked to external files, would load the contents of those frames without prompting the user for permission to do so.

CPENameOperatorVersion
libreoffice:sideq1:7.0.4-3
libreoffice:sideq1:7.0.3-4+b1
libreoffice:bullseyeeq1:7.0.3-4
libreoffice:bustereq1:6.1.5-3+deb10u6
libreoffice:bustereq1:6.1.5-3+deb10u7
libreoffice:sideq1:7.0.4-3
libreoffice:sideq1:7.0.3-4+b1
libreoffice:bullseyeeq1:7.0.3-4
libreoffice:bustereq1:6.1.5-3+deb10u6
libreoffice:bustereq1:6.1.5-3+deb10u7

Name	Operator	Version
libreoffice:sid	eq	1:7.0.4-3
libreoffice:sid	eq	1:7.0.3-4+b1
libreoffice:bullseye	eq	1:7.0.3-4
libreoffice:buster	eq	1:6.1.5-3+deb10u6
libreoffice:buster	eq	1:6.1.5-3+deb10u7
libreoffice:sid	eq	1:7.0.4-3
libreoffice:sid	eq	1:7.0.3-4+b1
libreoffice:bullseye	eq	1:7.0.3-4
libreoffice:buster	eq	1:6.1.5-3+deb10u6
libreoffice:buster	eq	1:6.1.5-3+deb10u7