CVE-2022-26306

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 7.2.7 LibreOffice versions prior to 7.3.1

Description The issue is related to insufficiently strong encryption of data in the user configuration database of LibreOffice. This weakness can be exploited by a remote attacker to disclose protected information. The stored passwords for web connections are encrypted with a single master key provided by the user, but the required initialization vector for encryption is always the same, weakening the security of the encryption.

Recommendations For versions prior to 7.2.7, update to version 7.2.7 or later. For versions prior to 7.3.1, update to version 7.3.1 or later. As a temporary workaround, consider restricting access to the user's configuration data to minimize the risk of exploitation.

Fix

Use of Insufficiently Random Values

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330CWE-326

Related Identifiers

ALSA-2023:0089

ALSA-2023:0304

ALT-PU-2022-1911

ALT-PU-2022-1953

ALT-PU-2022-1954

ALT-PU-2022-1986

ALT-PU-2022-2498

ALT-PU-2022-2551

BDU:2022-04785

CESA-2023_0089

CVE-2022-26306

DLA-3368-1

RHSA-2023:0089

RHSA-2023:0304

RHSA-2023_0089

RHSA-2023_0304

RLSA-2023:0089

RLSA-2023:0304

USN-5661-1

USN-5694-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Libreoffice

Linuxmint

Red Hat

Rocky Linux

Ubuntu

CVE-2022-26306

Weakness Enumeration

Related Identifiers

Affected Products

References · 56