{"containers": {"cna": {"affected": [{"product": "libreoffice", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "6.0.7"}, {"status": "affected", "version": "6.1.3"}]}], "descriptions": [{"lang": "en", "value": "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-356", "description": "CWE-356", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-18T15:06:07", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"}, {"name": "46727", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46727/"}, {"name": "RHSA-2019:2130", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2130"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "openSUSE-SU-2019:1929", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16858", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libreoffice", "version": {"version_data": [{"version_value": "6.0.7"}, {"version_value": "6.1.3"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."}]}, "impact": {"cvss": [[{"vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-356"}]}]}, "references": {"reference_data": [{"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/", "refsource": "MISC", "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"}, {"name": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"}, {"name": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"}, {"name": "46727", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46727/"}, {"name": "RHSA-2019:2130", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2130"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "openSUSE-SU-2019:1929", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:32:54.146Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"}, {"name": "46727", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46727/"}, {"name": "RHSA-2019:2130", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2130"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "openSUSE-SU-2019:1929", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16858", "datePublished": "2019-03-25T17:43:08", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.146Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "3962F032-670C-45E8-8AF4-0D3CF08D7D3F", "versionEndExcluding": "6.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E9BC0F2-B5E0-4AE8-B5CD-B360A97D4273", "versionEndExcluding": "6.1.3", "versionStartIncluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."}, {"lang": "es", "value": "Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directorio que podr\u00edan ser usados para ejecutar macros arbitrarios incluidos en un documento. Un atacante podr\u00eda manipular un documento que, al ser abierto por LibreOffice, ejecute un m\u00e9todo Python desde un script en cualquier ubicaci\u00f3n arbitrara del sistema de archivos, especificada de forma relativa a la ubicaci\u00f3n de instalaci\u00f3n de LibreOffice."}], "id": "CVE-2018-16858", "lastModified": "2019-08-06T17:15:29.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-03-25T18:29:00.463", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:2130"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"}, {"source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46727/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-356"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank The LibreOffice project for reporting this issue. Upstream acknowledges Alex Inf\u00fchr as the original reporter.", "affected_release": [{"advisory": "RHSA-2019:2130", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "low", "package": "libreoffice-1:5.3.6.1-21.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-08T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning", "id": "1649841", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649841"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-356", "details": ["It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.", "It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."], "name": "CVE-2018-16858", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "impact": "low", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-02-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-16858\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16858\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"], "threat_severity": "Moderate", "upstream_fix": "libreoffice 6.0.7, libreoffice 6.1.3"}