CVE-2024-6472

Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472

Configurations

No configuration.

History

06 Aug 2024, 16:31

Type	Values Removed	Values Added
Summary		(es) La interfaz de usuario de Validación de certificados en LibreOffice permite una vulnerabilidad potencial. Las macros firmadas son scripts que el desarrollador ha firmado digitalmente mediante una firma criptográfica. Cuando se abre un documento con una macro firmada, LibreOffice muestra una advertencia antes de ejecutar la macro. Anteriormente, si la verificación fallaba, el usuario podía no comprender el error y optar por habilitar las macros de todos modos. Este problema afecta a LibreOffice: desde 24.2 antes de 24.2.5.

05 Aug 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-05 13:15

Updated : 2024-08-06 16:31

NVD link : CVE-2024-6472

Mitre link : CVE-2024-6472

CVE.ORG link : CVE-2024-6472

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

7.8 /10