CVE-2021-32744

Unauthenticated attacker could gain access to currently open files

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential "IDOR" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases.

Collabora Online es una suite de office colaborativa online. En las versiones anteriores a 4.2.17-1 y versión 6.4.9-5, unos atacantes no autenticados pueden obtener acceso a archivos que están abiertos actualmente por otros usuarios en el editor de Collabora Online. Para una explotación con éxito, el atacante debe adivinar el identificador del archivo - la predictibilidad de este identificador de archivo depende de las implementaciones externas de almacenamiento de archivos (esto es una potencial vulnerabilidad "IDOR" - Insecure Direct Object Reference -). Las versiones 4.2.17-1 y 6.4.9-5 contienen parches para este problema. No hay ninguna solución conocida, excepto la actualización de la aplicación Collabora Online a una de las versiones parcheadas

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-05-12 CVE Reserved
2021-07-21 CVE Published
2024-04-05 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-639: Authorization Bypass Through User-Controlled Key

CAPEC

References (1)

URL	Tag	Source
https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Collabora Search vendor "Collabora"		Online Search vendor "Collabora" for product "Online"				< 4.2.17-1 Search vendor "Collabora" for product "Online" and version " < 4.2.17-1"		-		Affected
Collabora Search vendor "Collabora"		Online Search vendor "Collabora" for product "Online"				>= 6.4.0 < 6.4.9-5 Search vendor "Collabora" for product "Online" and version " >= 6.4.0 < 6.4.9-5"		-		Affected