CVE-2023-49788

Name of the Vulnerable Software and Affected Versions Collabora Online - Built-in CODE Server (richdocumentscode) versions prior to 23.5.602

Description The issue is related to the Collabora Online - Built-in CODE Server (richdocumentscode) running without chroot sandboxing, making it susceptible to attacks via modified client->server commands. This can allow overwriting files outside the subdirectory provided for the transient session, with access limited to files the server process can access. The bug was fixed in release 23.5.602.

Recommendations For versions prior to 23.5.602, upgrade to release 23.5.602 or later to resolve the issue. There are no known workarounds for this vulnerability.