Home > Vulnerability Database > CVE-2023-2255

Mend.io Vulnerability Database

CVE-2023-2255

Date: May 24, 2023

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

Language: C

Severity Score

5.3

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2255

Url: https://security-tracker.debian.org/tracker/CVE-2023-2255

Url: https://access.redhat.com/security/cve/CVE-2023-2255

Url: https://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255

Url: https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html

Url: https://security.gentoo.org/glsa/202311-15

Url: https://www.debian.org/security/2023/dsa-5415

Url: https://www.mend.io/vulnerability-database/CVE-2023-2255

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2255

Date: May 24, 2023

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?