How severe is CVE-2024-30265?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-30265?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2024-30265 - HIGH Severity | CVSS 7.5

Vulnerability Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.

Related Vulnerabilities

CVE-2018-14820

HIGH

CVSS:7.5(High)

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

CWE-732018

CVE-2018-7495

HIGH

CVSS:7.5(High)

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce...

CWE-732018

CVE-2021-21343

HIGH

CVSS:7.5(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat...

CWE-732021

CVE-2021-3845

HIGH

CVSS:7.5(High)

ws-scrcpy is vulnerable to External Control of File Name or Path

CWE-732021

CVE-2022-42732

HIGH

CVSS:7.5(High)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could...

CWE-732022

CVE-2022-42733

HIGH

CVSS:7.5(High)

CWE-732022