Unescaped passing of the request URL in Collabora Online
CVE-2023-48314

7.1HIGH

Key Information:

Vendor: Collaboraonline
Status: Online
Vendor: CVE Published:; 1 December 2023

🔔 Create Collaboraonline Vulnerability Alert

What is CVE-2023-48314?

The Collabora Online suite, integrated with Nextcloud, has a vulnerability that exposes users to potential remote code execution via the proxy.php file. This can allow unauthorized access to sensitive data and compromise the integrity of the application. Users utilizing the Collabora Online Built-in CODE Server app are strongly advised to update to version 23.5.403 to secure their systems, as there are no available workarounds for this issue.

Affected Version(s)

online < 23.5.403

References

https://github.com/CollaboraOnline/online/security/adviso...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2023
Vulnerability Reserved
Nov 14, 2023