CVE-2020-13451

Published: Jan 7, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.

Affected (1)

Products: Thecodingmachine: Gotenberg

Thecodingmachine

1 product

Gotenberg

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thecodingmachine Gotenberg	Up to 6.2.1

Related CWEs

CWE-459

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (4)

http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/thecodingmachine/gotenberg/issues/199

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/thecodingmachine/gotenberg/issues/199

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.