PT-2024-27470 · Collabora · Collabora Online
Caolanm · Published 2024-08-23 · Updated 2024-08-27 · CVE-2024-37311
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Collabora Online versions prior to 22.05.23.1
Collabora Online versions prior to 23.05.14.1
Collabora Online versions prior to 24.04.4.3
Description
In affected versions of Collabora Online, a collaborative online office suite based on LibreOffice, HTTPS connections from coolwsd to other hosts may incompletely verify the remote host's certificate against the full chain of trust.
Recommendations
For versions prior to 22.05.23.1, update to version 22.05.23.1 or later.
For versions prior to 23.05.14.1, update to version 23.05.14.1 or later.
For versions prior to 24.04.4.3, update to version 24.04.4.3 or later.
Weakness Enumeration
Improper Certificate Validation
Affected Products
Collabora Online