GSD-2022-3140

Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.
Aliases
Aliases
CVE-2022-3140
To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-3140",
    "id": "GSD-2022-3140",
    "references": [
      "https://www.debian.org/security/2022/dsa-5252",
      "https://advisories.mageia.org/CVE-2022-3140.html",
      "https://access.redhat.com/errata/RHSA-2023:0089",
      "https://www.suse.com/security/cve/CVE-2022-3140.html",
      "https://ubuntu.com/security/CVE-2022-3140",
      "https://security.archlinux.org/CVE-2022-3140",
      "https://access.redhat.com/errata/RHSA-2023:0304"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-3140"
      ],
      "details": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme \u0027vnd.libreoffice.command\u0027 specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.",
      "id": "GSD-2022-3140",
      "modified": "2023-12-13T01:19:40.011877Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@documentfoundation.org",
        "ID": "CVE-2022-3140",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LibreOffice",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.4",
                          "version_value": "7.4.1"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.3",
                          "version_value": "7.3.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Document Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "TheSecurityDev working with Trend Micro Zero Day Initiative"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme \u0027vnd.libreoffice.command\u0027 specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140",
            "refsource": "MISC",
            "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
          },
          {
            "name": "https://www.debian.org/security/2022/dsa-5252",
            "refsource": "MISC",
            "url": "https://www.debian.org/security/2022/dsa-5252"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/"
          },
          {
            "name": "https://security.gentoo.org/glsa/202212-04",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202212-04"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libreoffice:libreoffice:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.6",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@documentfoundation.org",
          "ID": "CVE-2022-3140"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme \u0027vnd.libreoffice.command\u0027 specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-88"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140"
            },
            {
              "name": "DSA-5252",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5252"
            },
            {
              "name": "GLSA-202212-04",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202212-04"
            },
            {
              "name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2023-03-27T00:15Z",
      "publishedDate": "2022-10-11T21:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.