CVE-2021-43445

Name of the Vulnerable Software and Affected Versions ONLYOFFICE all versions as of 2021-11-08

Description The issue is related to Incorrect Access Control, allowing an attacker to authenticate with the web socket service of the ONLYOFFICE document editor. This service is protected by JWT auth, but an attacker can use a default JWT signing key to gain access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.