CVE-2021-32744 - OpenCVE

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential "IDOR" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Collabora	Online

Configuration 1 [-]

OR	cpe:2.3:a:collabora:online::::::::
	cpe:2.3:a:collabora:online::::::::

No data.

References

Link	Providers
https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-07-21T16:00:11

Updated: 2024-08-03T23:33:55.908Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32744

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-21T16:15:08.727

Modified: 2021-07-30T15:32:45.897

Link: CVE-2021-32744

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "online", "vendor": "CollaboraOnline", "versions": [{"status": "affected", "version": "< 4.2.17-1"}, {"status": "affected", "version": ">= 6.4.0, < 6.4.9-5"}]}], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-21T16:00:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"}], "source": {"advisory": "GHSA-32xj-9x82-q9jw", "discovery": "UNKNOWN"}, "title": "Unauthenticated attacker could gain access to currently open files", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32744", "STATE": "PUBLIC", "TITLE": "Unauthenticated attacker could gain access to currently open files"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "online", "version": {"version_data": [{"version_value": "< 4.2.17-1"}, {"version_value": ">= 6.4.0, < 6.4.9-5"}]}}]}, "vendor_name": "CollaboraOnline"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}]}, "references": {"reference_data": [{"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw", "refsource": "CONFIRM", "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"}]}, "source": {"advisory": "GHSA-32xj-9x82-q9jw", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:33:55.908Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32744", "datePublished": "2021-07-21T16:00:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.908Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA98CADA-F443-46F5-98DF-43842E707588", "versionEndExcluding": "4.2.17-1", "vulnerable": true}, {"criteria": "cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FB8B6C7-A4FF-4B5D-A293-649E0915EBB4", "versionEndExcluding": "6.4.9-5", "versionStartIncluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."}, {"lang": "es", "value": "Collabora Online es una suite de office colaborativa online. En las versiones anteriores a 4.2.17-1 y versi\u00f3n 6.4.9-5, unos atacantes no autenticados pueden obtener acceso a archivos que est\u00e1n abiertos actualmente por otros usuarios en el editor de Collabora Online. Para una explotaci\u00f3n con \u00e9xito, el atacante debe adivinar el identificador del archivo - la predictibilidad de este identificador de archivo depende de las implementaciones externas de almacenamiento de archivos (esto es una potencial vulnerabilidad \"IDOR\" - Insecure Direct Object Reference -). Las versiones 4.2.17-1 y 6.4.9-5 contienen parches para este problema. No hay ninguna soluci\u00f3n conocida, excepto la actualizaci\u00f3n de la aplicaci\u00f3n Collabora Online a una de las versiones parcheadas"}], "id": "CVE-2021-32744", "lastModified": "2021-07-30T15:32:45.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-07-21T16:15:08.727", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Secondary"}]}