5.3

CVE-2023-2255

EPSS 54.13%
Veröffentlicht 25.05.2023 20:15:09
Zuletzt bearbeitet 21.11.2024 07:58:14
Quelle security@documentfoundation.or
Teams Watchlist Login
Unerledigt Login

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libreoffice ≫ Libreoffice Version >= 7.4.0 < 7.4.7

Libreoffice ≫ Libreoffice Version >= 7.5.0 < 7.5.3

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	54.13%	0.979

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html

https://security.gentoo.org/glsa/202311-15

https://www.debian.org/security/2023/dsa-5415

Third Party Advisory

https://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2255

EUVD