CVE-2024-30265

{"id": "CVE-2024-30265", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-03T23:15:13.423", "references": [{"url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voil\u00e0 dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voil\u00e0 dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voil\u00e0 is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.\n"}, {"lang": "es", "value": "Collabora Online es una suite ofim\u00e1tica colaborativa en l\u00ednea basada en la tecnolog\u00eda LibreOffice. Cualquier implementaci\u00f3n del panel voil\u00e0 permite la inclusi\u00f3n de archivos locales. Cualquier archivo en un sistema de archivos que sea legible por el usuario que ejecuta el servidor del panel voil\u00e0 puede ser descargado por alguien con acceso de red al servidor. Si esto todav\u00eda requiere autenticaci\u00f3n depende de c\u00f3mo se implemente voil\u00e0. Este problema se solucion\u00f3 en 0.2.17, 0.3.8, 0.4.4 y 0.5.6."}], "lastModified": "2024-11-21T09:11:35.073", "sourceIdentifier": "security-advisories@github.com"}