CVE-2024-6472
Aug. 5, 2024, 1:15 p.m.
7.8
High
Description
Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the
developer using a cryptographic signature. When a document with a signed
macro is opened a warning is displayed by LibreOffice before the macro
is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
Product(s) Impacted
Product | Versions |
---|---|
LibreOffice |
|
Weaknesses
CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
Tags
CVSS Score
CVSS Data
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
View Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Date
- Published: Aug. 5, 2024, 1:15 p.m.
- Last Modified: Aug. 5, 2024, 1:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@documentfoundation.org
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.