Improper Preservation Of Permissions

2023-12-1506:33:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

macro execution

permission validation

document foundation

libreoffice

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.7%

JSON

libreoffice is vulnerable to Improper Preservation of Permissions. The vulnerability is due to there is no macro permission validation for The Document Foundation in LibreOffice. This allows an attacker to execute built-in macros without warning the user.

CPENameOperatorVersion
libreoffice:bullseyeeq1:7.0.3-4
libreoffice:sideq1:7.0.4-3
libreoffice:sideq1:7.0.3-4+b1
libreoffice:bullseyeeq1:7.0.3-4
libreoffice:sideq1:7.0.4-3
libreoffice:sideq1:7.0.3-4+b1
libreoffice:bustereq1:6.1.5-3+deb10u6
libreoffice:bustereq1:6.1.5-3+deb10u7

Name	Operator	Version
libreoffice:bullseye	eq	1:7.0.3-4
libreoffice:sid	eq	1:7.0.4-3
libreoffice:sid	eq	1:7.0.3-4+b1
libreoffice:bullseye	eq	1:7.0.3-4
libreoffice:sid	eq	1:7.0.4-3
libreoffice:sid	eq	1:7.0.3-4+b1
libreoffice:buster	eq	1:6.1.5-3+deb10u6
libreoffice:buster	eq	1:6.1.5-3+deb10u7