CVE-2023-48314
Unescaped passing of the request URL in Collabora Online
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Collabora Online es una suite ofimática colaborativa en línea basada en la tecnología LibreOffice. Los usuarios de Nextcloud con la aplicación CODE Server incorporada de Collabora Online pueden ser vulnerables a ataques a través de proxy.php. Esta vulnerabilidad se ha corregido en Collabora Online - Servidor CODE integrado (richdocumentscode) versión 23.5.403. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-14 CVE Reserved
- 2023-12-01 CVE Published
- 2023-12-07 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2 | 2023-12-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Collaboraoffice Search vendor "Collaboraoffice" | Collabora Online Search vendor "Collaboraoffice" for product "Collabora Online" | < 23.5.403 Search vendor "Collaboraoffice" for product "Collabora Online" and version " < 23.5.403" | - |
Affected
|