CVE-2024-6472: Improper Certificate Validation in Document Foundation Libreoffice

Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 77.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 5
Latest update: Aug 15

Description

Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | the_document_foundation/libreoffice | 24.2 | 24.2.5
NVD | libreoffice/libreoffice | 24.2.0.0 | 24.2.5.1
Debian | libreoffice/libreoffice | < 1:7.0.4-4+deb11u10+3

🔴 Vulnerability Details (3)

GHSA
GHSA-w6mm-86qp-2r3q: Certificate Validation user interface in LibreOffice allows potential vulnerability (2024-08-05)
CVEList
Ability to trust not validated macro signatures removed in high security mode (2024-08-05)
OSV
CVE-2024-6472: Certificate Validation user interface in LibreOffice allows potential vulnerability (2024-08-05)

📋 Vendor Advisories (3)

Ubuntu
LibreOffice vulnerability (2024-08-15)
Red Hat
libreoffice: Ability to trust not validated macro signatures removed in high security mode (2024-08-05)
Debian
CVE-2024-6472: libreoffice - Certificate Validation user interface in LibreOffice allows potential vulnerabil... (2024)