Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-12426

Опубликовано: 07 янв. 2025
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.

URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.

This issue affects LibreOffice: from 24.8 before < 24.8.4.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Версия от 24.8.0.1 (включая) до 24.8.4 (исключая)
cpe:2.3:a:libreoffice:libreoffice:24.8.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:24.8.0.0:beta1:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%
0.00116
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2024-12426

CVSS3: 6.5
ubuntu
11 месяцев назад

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.

redhat логотип

CVE-2024-12426

CVSS3: 5
redhat
11 месяцев назад

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.

debian логотип

CVE-2024-12426

CVSS3: 6.5
debian
11 месяцев назад

Exposure of Environmental Variables and arbitrary INI file values to a ...

github логотип

GHSA-x7m8-vrfv-272v

CVSS3: 6.5
github
11 месяцев назад

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.

fstec логотип

BDU:2025-00554

CVSS3: 5.5
fstec
около 1 года назад

Уязвимость пакета офисных программ LibreOffice, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть конфиденциальную информацию

EPSS

Процентиль: 31%
0.00116
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo