CVE-2024-6472
Aug. 5, 2024, 1:15 p.m.
Tags
CVSS Score
Product(s) Impacted
LibreOffice
- 24.2
- before 24.2.5
Description
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.
Weaknesses
CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE ID: 295Date
Published: Aug. 5, 2024, 1:15 p.m.
Last Modified: Aug. 5, 2024, 1:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@documentfoundation.org
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H