← Volver a CVEs
CVE-2024-30265
HIGH7.5
Descripcion
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/3/2024
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-73
Referencias
https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52(security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67(security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2(security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8(security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504(security-advisories@github.com)
https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg(security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.