CVE-2024-25114

low-risk

Published 2024-03-11

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.6/10 Low

NETWORK / HIGH complexity

Affected Products (1)

Online

Affected Vendors

Collabora

References (4)

Vendor Advisory https://github.com/CollaboraOnline/online/security/advisories/GHSA-2fh2-ppjf-p3x...

Exploit https://github.com/LibreOffice/online/blob/master/wsd/README

Vendor Advisory https://github.com/CollaboraOnline/online/security/advisories/GHSA-2fh2-ppjf-p3x...

Exploit https://github.com/LibreOffice/online/blob/master/wsd/README

/ 100

low-risk

Severity 10/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal