CVE-2024-3044

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3044
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044
Configurations

No configuration.

History

12 Nov 2024, 21:35

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

20 Sep 2024, 10:15

Type Values Removed Values Added
CWE CWE-20 CWE-356
Summary (en) Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted. (en) Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/ -

15 May 2024, 16:40

Type Values Removed Values Added
Summary
  • (es) La ejecución de script sin marcar en el enlace gráfico al hacer clic en las versiones afectadas de LibreOffice permite a un atacante crear un documento que, sin aviso, ejecutará script integradas en LibreOffice al hacer clic en un gráfico. Anteriormente, estos scripts se consideraban confiables, pero ahora se consideran no confiables.

14 May 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 21:15

Updated : 2024-11-12 21:35

NVD link : CVE-2024-3044

Mitre link : CVE-2024-3044

CVE.ORG link : CVE-2024-3044

JSON object : View

Products Affected

No product.

CWE
CWE-356

Product UI does not Warn User of Unsafe Actions

CWE-94

Improper Control of Generation of Code ('Code Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024