PT-2020-3349 · Document Foundation · LibreOffice

Published: 2020-06-08 · Updated: 2024-06-15 · CVE-2020-12802

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

LibreOffice versions prior to 6.4.4

Description

The issue is a flaw in LibreOffice's "stealth mode", in which only documents from trusted locations are allowed to retrieve remote resources. This mode is not enabled by default, but users can activate it to prevent documents from including remote resources. The flaw specifically concerns remote graphic links loaded from docx documents, which were not covered by this protection prior to version 6.4.4. This could potentially allow a remote attacker to access confidential data due to the lack of protection for internal data.

Recommendations

For versions prior to 6.4.4, update to version 6.4.4 or later to resolve the issue. As a temporary workaround, consider disabling the loading of remote graphic links from docx documents until the update is applied. Restrict access to sensitive documents and locations to minimize the risk of exploitation.
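Until hosts are updated, docx files that carry remote graphic links can be identified before they are opened. The following is an added example, not code from this advisory or from LibreOffice: it lists image relationships in a docx package that are marked `TargetMode="External"`. The function names, the size limit and the sample URL are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
IMAGE_SUFFIX = "/relationships/image"  # shared by Transitional and Strict OOXML
MAX_RELS_BYTES = 1 << 20  # assumed limit: do not inflate oversized parts


def external_image_links(docx):
    """Return (part, rId, target) for image relationships that point outside the package."""
    # docx is a path or binary file object. Every *.rels part is read, so
    # headers, footers and notes are covered as well as the main body.
    hits = []
    with zipfile.ZipFile(docx) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_RELS_BYTES:
                hits.append((info.filename, None, "<oversized part, not parsed>"))
                continue
            try:
                root = ET.fromstring(zf.read(info))
            except ET.ParseError:
                hits.append((info.filename, None, "<unparseable part>"))
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                if (rel.get("TargetMode") == "External"
                        and rel.get("Type", "").endswith(IMAGE_SUFFIX)):
                    hits.append((info.filename, rel.get("Id"), rel.get("Target")))
    return hits


def build_sample(external):
    """Constructed sample: a ZIP holding only word/_rels/document.xml.rels."""
    target = ('Target="https://images.example.invalid/logo.png" TargetMode="External"'
              if external else 'Target="media/image1.png"')
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId5" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" '
            f'{target}/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(external_image_links(build_sample(True)))
```

Parts that are oversized or fail to parse are reported rather than skipped, so a malformed package is not silently treated as clean.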

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

ALSA-2020:4628
ALT-PU-2020-2512
ALT-PU-2020-2609
ALT-PU-2020-2699
ALT-PU-2020-3097
BDU:2020-03672
CESA-2020_4628
CVE-2020-12802
DLA-3703-1
OPENSUSE-SU-2020:1222-1
OPENSUSE-SU-2020:1261-1
OPENSUSE-SU-2020_1222-1
OPENSUSE-SU-2020_1261-1
OPENSUSE-SU-2024:10983-1
RHSA-2020:4628
RHSA-2020_4628
RLSA-2020:4628
SUSE-SU-2020:2217-1
SUSE-SU-2020:2235-1
SUSE-SU-2020:2283-1
SUSE-SU-2020_2283-1

Affected Products

ALT Linux
AlmaLinux
CentOS
LibreOffice
Red Hat
Rocky Linux
SUSE