Описание
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.
In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libreoffice | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libreoffice | Will not fix | ||
| Red Hat Enterprise Linux 8 | libreoffice:flatpak/libreoffice | Not affected | ||
| Red Hat Enterprise Linux 9 | libreoffice:flatpak/libreoffice | Not affected | ||
| Red Hat Enterprise Linux 8 | libreoffice | Fixed | RHSA-2024:1514 | 26.03.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libreoffice | Fixed | RHSA-2024:1512 | 26.03.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | libreoffice | Fixed | RHSA-2024:1512 | 26.03.2024 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | libreoffice | Fixed | RHSA-2024:1512 | 26.03.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libreoffice | Fixed | RHSA-2024:1480 | 25.03.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libreoffice | Fixed | RHSA-2024:1480 | 25.03.2024 |
Показывать по
Дополнительная информация
Статус:
8.3 High
CVSS3
Связанные уязвимости
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Insufficient macro permission validation of The Document Foundation Li ...
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Уязвимость пакета офисных программ LibreOffice, связанная с возможностью внедрения кода или данных, позволяющая нарушителю выполнить произвольный код
8.3 High
CVSS3