// For flags

CVE-2020-12432

 

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.

La integración de la API WOPI para Vereign Collabora CODE versiones hasta 4.2.2, no restringe apropiadamente la entrega de JavaScript al navegador de la víctima y carece de un control de acceso de tipo MIME apropiado, lo que podría conllevar a un ataque de tipo XSS que roba credenciales de cuenta por medio de cookies o almacenamiento local. El atacante primero debe obtener un token de acceso a la API, que puede ser alcanzado si el atacante es capaz de cargar un archivo .docx o .odt. Los endpoints de la API asociados para la explotación son /wopi/files y /wopi/getAccessToken

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-04-28 CVE Reserved
  • 2020-07-21 CVE Published
  • 2024-04-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://github.com/d7x/CVE-2020-12432 2024-08-04
https://www.youtube.com/watch?v=_tkRnSr6yc0 2024-08-04
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Collaboraoffice
Search vendor "Collaboraoffice"
 Collabora Online Development Edition
Search vendor "Collaboraoffice" for product "Collabora Online Development Edition"
 <= 4.2.2
Search vendor "Collaboraoffice" for product "Collabora Online Development Edition" and version " <= 4.2.2"
-
Affected