← Back

CVE-2023-6186

nvd nist
Published: Dec 11, 2023Modified: Feb 13, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

Affected (5)

Libreoffice
1 product
Libreoffice
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Libreoffice
Libreoffice
From 7.5.0 to 7.5.9
Libreoffice
From 7.6.0 to 7.6.4
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 11.0
Debian Linux
Version 12.0

Related CWEs

CWE-281
Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (8)

Source: security@documentfoundation.org
Source: security@documentfoundation.org
Mailing ListThird Party Advisory
Source: security@documentfoundation.org
Third Party Advisory
Source: security@documentfoundation.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.