PT-2021-19900 · Collabora · Collabora Online

Lukas Reschke · Published 2021-07-21 · Updated 2021-07-30 · CVE-2021-32744

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Collabora Online versions prior to 4.2.17-1
Collabora Online version 6.4.9-5

Description

Collabora Online is a collaborative online office suite. Unauthenticated attackers can gain access to files currently opened by other users in the Collabora Online editor. The attacker must guess the file identifier, which is dependent on external file-storage implementations. This is a potential Insecure Direct Object Reference vulnerability.

Recommendations

For versions prior to 4.2.17-1, update to version 4.2.17-1 or later. For version 6.4.9-5, update to a patched release. At the moment, there is no information about other newer versions that contain a fix for this vulnerability.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2021-32744
GHSA-32XJ-9X82-Q9JW

Affected Products

Collabora Online