Unescaped passing of the request URL in Collabora Online
CVE-2023-48314

7.1 HIGH

Key Information:

CVE Published: 1 December 2023

What is CVE-2023-48314?

The Collabora Online suite, integrated with Nextcloud, has a vulnerability that exposes users to potential remote code execution via the proxy.php file. This can allow unauthorized access to sensitive data and compromise the integrity of the application. Users utilizing the Collabora Online Built-in CODE Server app are strongly advised to update to version 23.5.403 to secure their systems, as there are no available workarounds for this issue.

Affected Version(s)

online < 23.5.403

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
