PT-2023-7595 · Document Foundation+10 · Libreoffice+10

Reginaldo Silva · Published 2023-12-11 · Updated 2024-07-18 · CVE-2023-6186

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibreOffice (affected versions not specified)

Description

The issue is related to insufficient macro permission validation, allowing an attacker to execute built-in macros without warning. In affected versions, LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. This could potentially enable a remote attacker to execute arbitrary code by embedding a malicious macro in a document.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Preservation of Permissions
Open Redirect

Related Identifiers

ALSA-2024:1427
ALSA-2024:1514
ALSA-2024:3835
ALT-PU-2023-8037
ALT-PU-2023-8057
ALT-PU-2024-1030
ALT-PU-2024-1179
BDU:2023-08655
CESA-2024_1514
CVE-2023-6186
DLA-3703-1
DSA-5574-1
INFSA-2024_3835
MGASA-2024-0116
OPENSUSE-SU-2023_4932-1
RHSA-2024:1423
RHSA-2024:1425
RHSA-2024:1427
RHSA-2024:1473
RHSA-2024:1480
RHSA-2024:1512
RHSA-2024:1513
RHSA-2024:1514
RHSA-2024:3835
RHSA-2024_1427
RHSA-2024_1514
RHSA-2024_3835
RLSA-2024:1427
RLSA-2024:1514
RLSA-2024:3835
SUSE-SU-2023:4932-1
SUSE-SU-2023:4984-1
USN-6546-1
USN-6546-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Libreoffice
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu