Bug 2210185 (CVE-2023-2255) - CVE-2023-2255 libreoffice: Remote documents loaded without prompt via IFrame
Summary: CVE-2023-2255 libreoffice: Remote documents loaded without prompt via IFrame
Keywords:
Status: NEW
Alias: CVE-2023-2255
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2210189 2210190 2210195 2210197 2210198 2210196
Blocks: 2210116
TreeView+ depends on / blocked
 
Reported: 2023-05-26 04:19 UTC by Sandipan Roy
Modified: 2023-07-07 08:29 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, they would load the contents of those frames without prompting the user for permission. This action was inconsistent with the treatment of other linked content in LibreOffice.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Sandipan Roy 2023-05-26 04:19:36 UTC 
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

https://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255
Comment 1 Sandipan Roy 2023-05-26 04:32:14 UTC 
Created libreoffice tracking bugs for this issue:

Affects: fedora-37 [bug 2210189]
Affects: fedora-38 [bug 2210190]
Note You need to log in before you can comment on or make changes to this bug.