Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.
In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ | Mailing List Third Party Advisory |
https://www.debian.org/security/2023/dsa-5574 | Third Party Advisory |
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 | Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ | Mailing List Third Party Advisory |
https://www.debian.org/security/2023/dsa-5574 | Third Party Advisory |
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.3 |
References | () https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - Mailing List, Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5574 - Third Party Advisory | |
References | () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 - Vendor Advisory |
31 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2023, 14:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.debian.org/security/2023/dsa-5574 - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - Mailing List, Third Party Advisory | |
References | () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 - Vendor Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-281 |
13 Dec 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Dec 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Dec 2023, 12:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-11 12:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6186
Mitre link : CVE-2023-6186
CVE.ORG link : CVE-2023-6186
JSON object : View
Products Affected
debian
- debian_linux
libreoffice
- libreoffice
fedoraproject
- fedora
CWE
CWE-281
Improper Preservation of Permissions