#VU93313 Improper Certificate Validation in LibreOffice - CVE-2024-5261
Published: June 25, 2024
Vulnerability identifier: #VU93313
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-5261
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
LibreOffice
LibreOffice
Software vendor:
LibreOffice
LibreOffice
Description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing certificate validation within the LibreOfficeKit when calling "curl" to fetch remote resources such as images hosted on web servers. A remote attacker can perform MitM attack.
Remediation
Install updates from vendor's website.