CVE-2024-25114

Sensitive Information Disclosure (JailID) to users in Collabora Online

Severity Score

2.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability.

Collabora Online es una suite ofimática colaborativa en línea basada en la tecnología LibreOffice. Cada documento en Collabora Online se abre mediante una instancia de "Kit" separada en una "cárcel" diferente con un nombre de directorio único "jailID". Por razones de seguridad, este nombre de directorio se genera aleatoriamente y no debe entregarse al cliente. En las versiones afectadas de Collabora Online es posible utilizar la función CELL(), con el argumento "nombre de archivo", en el componente de hoja de cálculo para obtener una ruta que incluya este JailID. El impacto de esta vulnerabilidad por sí sola es bajo porque requiere ser encadenada con otra vulnerabilidad. Los usuarios deben actualizar a Collabora Online 23.05.9; Colabora en línea 22.05.22; Collabora Online 21.11.10 o superior. No se conocen workarounds para esta vulnerabilidad.

*Credits: N/A

CVSS Scores

GitHubv3.1 2.6

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-05 CVE Reserved
2024-03-11 CVE Published
2024-03-12 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
https://github.com/CollaboraOnline/online/security/advisories/GHSA-2fh2-ppjf-p3xv	X_refsource_confirm
https://github.com/LibreOffice/online/blob/master/wsd/README	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
CollaboraOnline Search vendor "CollaboraOnline"		Online Search vendor "CollaboraOnline" for product "Online"				>= 23.0.0 < 23.05.9 Search vendor "CollaboraOnline" for product "Online" and version " >= 23.0.0 < 23.05.9"		en		Affected
CollaboraOnline Search vendor "CollaboraOnline"		Online Search vendor "CollaboraOnline" for product "Online"				>= 22.0.0 < 22.05.22 Search vendor "CollaboraOnline" for product "Online" and version " >= 22.0.0 < 22.05.22"		en		Affected
CollaboraOnline Search vendor "CollaboraOnline"		Online Search vendor "CollaboraOnline" for product "Online"				< 21.11.9.4 Search vendor "CollaboraOnline" for product "Online" and version " < 21.11.9.4"		en		Affected