{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6186", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "state": "PUBLISHED", "assignerShortName": "Document Fdn.", "dateReserved": "2023-11-17T09:15:24.395Z", "datePublished": "2023-12-11T11:56:40.349Z", "dateUpdated": "2024-08-02T08:21:17.742Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [{"lessThan": "7.5.9", "status": "affected", "version": "7.5", "versionType": "7.5 series"}, {"lessThan": "7.6.4", "status": "affected", "version": "7.6", "versionType": "7.6 series"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue"}], "datePublic": "2023-12-11T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.</div><div>In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.<br></div>"}], "value": "Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\n\nIn affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2023-12-11T11:56:40.349Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186"}, {"url": "https://www.debian.org/security/2023/dsa-5574"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Link targets allow arbitrary script execution", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.742Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186"}, {"url": "https://www.debian.org/security/2023/dsa-5574", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3620339-BFEE-459E-937D-7F785CEE9C9F", "versionEndExcluding": "7.5.9", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C255150-B48F-4F2A-8E7E-0C9D6CA3504D", "versionEndExcluding": "7.6.4", "versionStartIncluding": "7.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\n\nIn affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.\n\n\n"}, {"lang": "es", "value": "La validaci\u00f3n insuficiente de permisos en las macros de The Document Foundation LibreOffice permite a un atacante ejecutar macros integradas sin previo aviso. En las versiones afectadas, LibreOffice admite hiperv\u00ednculos con macros o destinos de comandos integrados similares que se pueden ejecutar cuando se activan sin advertir al usuario."}], "id": "CVE-2023-6186", "lastModified": "2023-12-31T14:15:42.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@documentfoundation.org", "type": "Secondary"}]}, "published": "2023-12-11T12:15:07.713", "references": [{"source": "security@documentfoundation.org", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5574"}, {"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1514", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.4.7.2-16.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1512", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libreoffice-1:6.0.6.1-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1512", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "libreoffice-1:6.0.6.1-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1512", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "libreoffice-1:6.0.6.1-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1480", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libreoffice-1:6.4.7.2-16.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-03-25T00:00:00Z"}, {"advisory": "RHSA-2024:1480", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libreoffice-1:6.4.7.2-16.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-03-25T00:00:00Z"}, {"advisory": "RHSA-2024:1480", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libreoffice-1:6.4.7.2-16.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-03-25T00:00:00Z"}, {"advisory": "RHSA-2024:1473", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "libreoffice-1:6.4.7.2-16.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-21T00:00:00Z"}, {"advisory": "RHSA-2024:1513", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libreoffice-1:6.4.7.2-16.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1427", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreoffice-1:7.1.8.1-12.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:3835", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreoffice-1:7.1.8.1-12.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:1423", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "libreoffice-1:7.1.8.1-12.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1425", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libreoffice-1:7.1.8.1-12.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-03-19T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Insufficient macro permission validation leading to macro execution", "id": "2254005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254005"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "status": "verified"}, "cwe": "CWE-250", "details": ["Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\nIn affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.", "An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user."], "name": "CVE-2023-6186", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libreoffice:flatpak/libreoffice", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libreoffice:flatpak/libreoffice", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-12-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6186\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6186\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2023-6186"], "threat_severity": "Important", "upstream_fix": "LibreOffice 7.5.9, LibreOffice 7.6.4"}