{"containers": {"cna": {"affected": [{"product": "online", "vendor": "CollaboraOnline", "versions": [{"status": "affected", "version": "< 4.2.17-1"}, {"status": "affected", "version": ">= 6.4.0, < 6.4.9-5"}]}], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-21T16:00:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"}], "source": {"advisory": "GHSA-32xj-9x82-q9jw", "discovery": "UNKNOWN"}, "title": "Unauthenticated attacker could gain access to currently open files", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32744", "STATE": "PUBLIC", "TITLE": "Unauthenticated attacker could gain access to currently open files"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "online", "version": {"version_data": [{"version_value": "< 4.2.17-1"}, {"version_value": ">= 6.4.0, < 6.4.9-5"}]}}]}, "vendor_name": "CollaboraOnline"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}]}, "references": {"reference_data": [{"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw", "refsource": "CONFIRM", "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"}]}, "source": {"advisory": "GHSA-32xj-9x82-q9jw", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32744", "datePublished": "2021-07-21T16:00:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2021-07-21T16:00:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA98CADA-F443-46F5-98DF-43842E707588", "versionEndExcluding": "4.2.17-1", "vulnerable": true}, {"criteria": "cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FB8B6C7-A4FF-4B5D-A293-649E0915EBB4", "versionEndExcluding": "6.4.9-5", "versionStartIncluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."}, {"lang": "es", "value": "Collabora Online es una suite de office colaborativa online. En las versiones anteriores a 4.2.17-1 y versi\u00f3n 6.4.9-5, unos atacantes no autenticados pueden obtener acceso a archivos que est\u00e1n abiertos actualmente por otros usuarios en el editor de Collabora Online. Para una explotaci\u00f3n con \u00e9xito, el atacante debe adivinar el identificador del archivo - la predictibilidad de este identificador de archivo depende de las implementaciones externas de almacenamiento de archivos (esto es una potencial vulnerabilidad \"IDOR\" - Insecure Direct Object Reference -). Las versiones 4.2.17-1 y 6.4.9-5 contienen parches para este problema. No hay ninguna soluci\u00f3n conocida, excepto la actualizaci\u00f3n de la aplicaci\u00f3n Collabora Online a una de las versiones parcheadas"}], "id": "CVE-2021-32744", "lastModified": "2021-07-30T15:32:45.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-07-21T16:15:08.727", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}