Home > Vulnerability Database > CVE-2021-32744

Mend.io Vulnerability Database

CVE-2021-32744

Good to know:

Date: July 21, 2021

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential "IDOR" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32744

Url: https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw

Url: https://www.mend.io/vulnerability-database/CVE-2021-32744

Severity Score

7.5

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version 4.2.18-1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32744

Good to know:

Date: July 21, 2021

Language: TYPE_SCRIPT

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?