Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-78cg-rg4q-26qv | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
03 Sep 2024, 15:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:* cpe:2.3:o:google:android:-:*:*:*:*:*:*:* |
|
First Time |
Google android
Collabora Collabora online |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | () https://github.com/CollaboraOnline/online/security/advisories/GHSA-78cg-rg4q-26qv - Vendor Advisory | |
CWE | CWE-79 |
30 Aug 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Aug 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-29 17:15
Updated : 2024-09-03 15:13
NVD link : CVE-2024-45045
Mitre link : CVE-2024-45045
CVE.ORG link : CVE-2024-45045
JSON object : View
Products Affected
- android
collabora
- online