{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-3044", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "state": "PUBLISHED", "assignerShortName": "Document Fdn.", "dateReserved": "2024-03-28T15:28:21.866Z", "datePublished": "2024-05-14T20:19:51.426Z", "dateUpdated": "2024-11-12T20:14:27.961Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [{"lessThan": "7.6.7", "status": "affected", "version": "7.6", "versionType": "7.6 series"}, {"lessThan": "24.2.3", "status": "affected", "version": "24.2", "versionType": "24.2 series"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Amel Bouziane-Leblond for for finding and reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.<br>"}], "value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted."}], "impacts": [{"capecId": "CAPEC-160", "descriptions": [{"lang": "en", "value": "CAPEC-160 Exploit Script-Based APIs"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-356", "description": "CWE-356 Product UI does not Warn User of Unsafe Actions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2024-09-20T10:09:29.430Z"}, "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"}], "source": {"discovery": "EXTERNAL"}, "title": "Graphic on-click binding allows unchecked script execution", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-16T18:55:50.828860Z", "id": "CVE-2024-3044", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T20:14:27.961Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.580Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.580Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-3044", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-16T18:55:50.828860Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.447Z"}}], "cna": {"title": "Graphic on-click binding allows unchecked script execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Amel Bouziane-Leblond for for finding and reporting this issue."}], "impacts": [{"capecId": "CAPEC-160", "descriptions": [{"lang": "en", "value": "CAPEC-160 Exploit Script-Based APIs"}]}], "affected": [{"vendor": "The Document Foundation", "product": "LibreOffice", "versions": [{"status": "affected", "version": "7.6", "lessThan": "7.6.7", "versionType": "7.6 series"}, {"status": "affected", "version": "24.2", "lessThan": "24.2.3", "versionType": "24.2 series"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.", "supportingMedia": [{"type": "text/html", "value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-356", "description": "CWE-356 Product UI does not Warn User of Unsafe Actions"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2024-09-20T10:09:29.430Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3044", "state": "PUBLISHED", "dateUpdated": "2024-11-12T20:14:27.961Z", "dateReserved": "2024-03-28T15:28:21.866Z", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "datePublished": "2024-05-14T20:19:51.426Z", "assignerShortName": "Document Fdn."}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted."}, {"lang": "es", "value": "La ejecuci\u00f3n de script sin marcar en el enlace gr\u00e1fico al hacer clic en las versiones afectadas de LibreOffice permite a un atacante crear un documento que, sin aviso, ejecutar\u00e1 script integradas en LibreOffice al hacer clic en un gr\u00e1fico. Anteriormente, estos scripts se consideraban confiables, pero ahora se consideran no confiables."}], "id": "CVE-2024-3044", "lastModified": "2024-11-21T09:28:45.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T21:15:12.627", "references": [{"source": "security@documentfoundation.org", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"}, {"source": "security@documentfoundation.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"}, {"source": "security@documentfoundation.org", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-356"}], "source": "security@documentfoundation.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4242", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.4.7.2-17.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4755", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreoffice-1:7.1.8.1-13.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-23T00:00:00Z"}], "bugzilla": {"description": "libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic", "id": "2280542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280542"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.", "A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-3044", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/libreoffice", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/libreoffice", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3044\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3044\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"], "statement": "CVE-2024-3044 poses a Moderate severity risk due to its potential to enable unauthorized script execution within LibreOffice documents. While the vulnerability allows for the execution of untrusted scripts upon clicking graphics, it requires user interaction to initiate. Furthermore, the impact is constrained by the user's explicit macro execution permissions, determined at document load time. Although the flaw could lead to unintended script execution, its impact is mitigated by the necessity for user interaction and the reliance on explicit macro permissions.", "threat_severity": "Moderate", "upstream_fix": "libreoffice 7.6.7, libreoffice 24.2.3"}