Improper handling of browser-side provided input in richdocuments path handling
CVE-2023-49788
7.2HIGH
What is CVE-2023-49788?
Collabora Online's Built-in CODE Server has a vulnerability that allows for file overwriting due to a lack of chroot sandboxing. Attack vectors exploit modified client-to-server commands, potentially providing unauthorized access to files outside the intended directory. Users are recommended to upgrade to version 23.5.602 or later to avoid these risks, as there are no known workarounds to mitigate the issue.
Affected Version(s)
online < 23.5.602