CVE-2023-26435

MEDIUM Year: 2023
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known.

Related Vulnerabilities

CVE-2018-20497

MEDIUM
CVSS:5.0(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

CWE-9182018

CVE-2019-1679

MEDIUM
CVSS:5.0(Medium)

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote att...

CWE-9182019

CVE-2020-12644

MEDIUM
CVSS:5.0(Medium)

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.

CWE-9182020

CVE-2020-15002

MEDIUM
CVSS:5.0(Medium)

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

CWE-9182020

CVE-2020-36232

MEDIUM
CVSS:5.0(Medium)

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5...

CWE-9182020