{"uuid": "f58d5b36-3f9e-4f81-a946-8e180ebe338f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43444", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-43444\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key.\n\ud83d\udccf Published: 2023-01-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-02T16:06:02.583Z\n\ud83d\udd17 References:\n1. https://github.com/ONLYOFFICE/server\n2. https://www.onlyoffice.com/\n3. https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/", "creation_timestamp": "2025-04-02T16:35:18.000000Z"}