CVE-2021-32744
Unauthenticated attacker could gain access to currently open files
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential "IDOR" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases.
Collabora Online es una suite de office colaborativa online. En las versiones anteriores a 4.2.17-1 y versión 6.4.9-5, unos atacantes no autenticados pueden obtener acceso a archivos que están abiertos actualmente por otros usuarios en el editor de Collabora Online. Para una explotación con éxito, el atacante debe adivinar el identificador del archivo - la predictibilidad de este identificador de archivo depende de las implementaciones externas de almacenamiento de archivos (esto es una potencial vulnerabilidad "IDOR" - Insecure Direct Object Reference -). Las versiones 4.2.17-1 y 6.4.9-5 contienen parches para este problema. No hay ninguna solución conocida, excepto la actualización de la aplicación Collabora Online a una de las versiones parcheadas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-12 CVE Reserved
- 2021-07-21 CVE Published
- 2024-04-05 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Collabora Search vendor "Collabora" | Online Search vendor "Collabora" for product "Online" | < 4.2.17-1 Search vendor "Collabora" for product "Online" and version " < 4.2.17-1" | - |
Affected
| ||||||
Collabora Search vendor "Collabora" | Online Search vendor "Collabora" for product "Online" | >= 6.4.0 < 6.4.9-5 Search vendor "Collabora" for product "Online" and version " >= 6.4.0 < 6.4.9-5" | - |
Affected
|