Unescaped passing of the request URL in Collabora Online
CVE-2023-48314

6.1MEDIUM

Key Information:

Vendor: CollaboraOnline
Status: online
Vendor: CVE Published:; 1 December 2023

Summary

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Version(s)

online < 23.5.403

References

https://github.com/CollaboraOnline/online/security/adviso...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 1, 2023
Vulnerability Reserved
Nov 14, 2023