cbcvebase.
CVE-2020-12802
published 2020-06-08

Priority: P4, 30, medium, 5.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 1.94% (77.6th percentile)

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libreoffice | < libreoffice 1:6.4.4-1 (bookworm) | libreoffice 1:6.4.4-1 (bookworm) |
| fedoraproject | fedora | | |
| libreoffice | libreoffice | < 6.4.4 | 6.4.4 |
| libreoffice | libreoffice | >= 0 < 1:6.4.4-1 | 1:6.4.4-1 |
| libreoffice | libreoffice | >= 0 < 1:6.4.4-1 | 1:6.4.4-1 |
| libreoffice | libreoffice | >= 0 < 1:6.4.4-1 | 1:6.4.4-1 |
| libreoffice | libreoffice | >= 0 < 1:6.4.4-1 | 1:6.4.4-1 |
| opensuse | leap | | |
| opensuse | leap | | |
| the_document_foundation | libreoffice | >= unspecified < 6.4.4 | 6.4.4 |

CVSS provenance

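| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 5.3 | MEDIUM | |
| vendor_debian | | 5.3 | LOW | |
| vendor_redhat | | 5.3 | MEDIUM | |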