Unescaped passing of the request URL in Collabora Online
CVE-2023-48314
7.1HIGH
What is CVE-2023-48314?
The Collabora Online suite, integrated with Nextcloud, has a vulnerability that exposes users to potential remote code execution via the proxy.php file. This can allow unauthorized access to sensitive data and compromise the integrity of the application. Users utilizing the Collabora Online Built-in CODE Server app are strongly advised to update to version 23.5.403 to secure their systems, as there are no available workarounds for this issue.
Affected Version(s)
online < 23.5.403