PT-2021-9613 · Document Foundation · LibreOffice
Published: 2021-01-07 · Updated: 2021-01-08 · CVE-2020-13451
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Gotenberg versions through 6.2.1
Description
An incomplete-cleanup vulnerability in the Office rendering engine allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.
Recommendations
Update Gotenberg to a version later than 6.2.1 to resolve the issue. As a temporary workaround, consider restricting macro execution in the LibreOffice configuration files to minimize the risk of exploitation.
Affected Products
LibreOffice