PT-2020-2388 · Document Foundation+4 · Libreoffice+4

Tomas Florian · Published 2020-05-02 · Updated 2024-06-15 · CVE-2020-12801

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

LibreOffice versions 6.3.0 through 6.3.5
LibreOffice versions 6.4.0 through 6.4.2

Description

The issue is related to errors in encryption. When LibreOffice has an encrypted document open and crashes, the document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful and the file format of the recovered document was not LibreOffice's default ODF file format, then subsequent saves of the document are unencrypted by default. This may lead to a user accidentally saving a document, such as in MSOffice file format, unencrypted while believing it to be encrypted.

Recommendations

For LibreOffice versions 6.3.0 through 6.3.5, update to version 6.3.6 or later to resolve the issue.
For LibreOffice versions 6.4.0 through 6.4.2, update to version 6.4.3 or later to resolve the issue.
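A check to run after a crash recovery, as an added example that is not part of the advisory or of LibreOffice: it tests a version string against the affected ranges above and classifies a saved file by its container, since a password-protected OOXML file is an OLE compound file holding an `EncryptedPackage` stream while an unprotected one is a plain ZIP. The function names, result labels and sample bytes are constructed for illustration, and the stream-name search is a heuristic, not a full compound-file parse.

```python
import io
import sys
import zipfile

# Affected ranges from this advisory: (first affected, first fixed release).
AFFECTED = [((6, 3, 0), (6, 3, 6)), ((6, 4, 0), (6, 4, 3))]
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE compound file header
ZIP_MAGIC = b"PK\x03\x04"
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # CFB stream names are UTF-16LE


def is_affected(version: str) -> bool:
    """True if a LibreOffice version such as '6.4.2' or '6.3.5.2' is in an affected range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return any(first <= parts < fixed for first, fixed in AFFECTED)


def classify(data: bytes) -> str:
    """Classify a saved document by its container (heuristic, no full CFB parse)."""
    if data.startswith(CFB_MAGIC):
        # Password-protected OOXML is wrapped in an OLE compound file.
        return "encrypted-ooxml" if ENC_STREAM in data else "ole-binary"
    if data.startswith(ZIP_MAGIC):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "unknown"
        # A bare ZIP with [Content_Types].xml is OOXML saved without a password.
        return "plaintext-ooxml" if "[Content_Types].xml" in names else "other-zip"
    return "unknown"


def _constructed_docx() -> bytes:
    """Constructed sample: minimal ZIP shaped like an unencrypted .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


# Constructed samples, not real documents.
SAMPLES = {
    "recovered.docx": _constructed_docx(),
    "protected.docx": CFB_MAGIC + b"\x00" * 504 + ENC_STREAM,
}

if __name__ == "__main__":
    files = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLES
    for name, data in files.items():
        print(f"{name}: {classify(data)}")
```

The results `ole-binary` (legacy binary formats such as .doc or .xls) and `other-zip` (including ODF, which stays a ZIP when encrypted) mean this check cannot tell the encryption state.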

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data
Cleartext Storage of Sensitive Information

Related Identifiers

ALT-PU-2020-1911
ALT-PU-2020-1937
ALT-PU-2020-2512
ALT-PU-2020-2609
ALT-PU-2020-2699
ALT-PU-2020-3097
BDU:2020-02358
CVE-2020-12801
DLA-3703-1
MGASA-2020-0258
OPENSUSE-SU-2020:0786-1
OPENSUSE-SU-2020_0786-1
OPENSUSE-SU-2024:10983-1
SUSE-SU-2020:1530-1
SUSE-SU-2020:1731-1
SUSE-SU-2020_1731-1
USN-5694-1

Affected Products

Alt Linux
Libreoffice
Linuxmint
Suse
Ubuntu