CVE-2024-30265
HIGH 7.5
Description
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of the voilà dashboard allows local file inclusion. Any file on the filesystem that is readable by the user running the voilà dashboard server can be downloaded by anyone with network access to the server. Whether this requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 4/3/2024
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Weaknesses (CWE)
CWE-73
References
https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52 (security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67 (security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2 (security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8 (security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504 (security-advisories@github.com)
https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg (security-advisories@github.com)
https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.