CVE-2023-6186
published 2023-12-11

Priority P353, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.77% (51.1th percentile)

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

Affected

15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | libreoffice | < libreoffice 4:7.4.7-1+deb12u1 (bookworm) | libreoffice 4:7.4.7-1+deb12u1 (bookworm) |
| fedoraproject | fedora | | |
| libreoffice | libreoffice | >= 0 < 1:7.0.4-4+deb11u8 | 1:7.0.4-4+deb11u8 |
| libreoffice | libreoffice | >= 0 < 4:7.4.7-1+deb12u1 | 4:7.4.7-1+deb12u1 |
| libreoffice | libreoffice | >= 0 < 4:7.6.4~rc1-1 | 4:7.6.4~rc1-1 |
| libreoffice | libreoffice | >= 0 < 4:7.6.4~rc1-1 | 4:7.6.4~rc1-1 |
| libreoffice | libreoffice | >= 0 < 1:6.4.7-0ubuntu0.20.04.9 | 1:6.4.7-0ubuntu0.20.04.9 |
| libreoffice | libreoffice | >= 0 < 1:7.3.7-0ubuntu0.22.04.4 | 1:7.3.7-0ubuntu0.22.04.4 |
| libreoffice | libreoffice | >= 0 < 4:7.6.4-0ubuntu0.23.10.1 | 4:7.6.4-0ubuntu0.23.10.1 |
| libreoffice | libreoffice | >= 7.5.0 < 7.5.9 | 7.5.9 |
| libreoffice | libreoffice | >= 7.6.0 < 7.6.4 | 7.6.4 |
| the_document_foundation | libreoffice | >= 7.5 < 7.5.9 | 7.5.9 |
| the_document_foundation | libreoffice | >= 7.6 < 7.6.4 | 7.6.4 |

CVSS provenance

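| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.3 | HIGH | |
| vendor_redhat | | 8.3 | HIGH | |
| vendor_ubuntu | | 8.3 | HIGH | |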