CVE-2024-30265

{"id": "CVE-2024-30265", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-03T23:15:13.423", "references": [{"url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504", "source": "security-advisories@github.com"}, {"url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voil\u00e0 dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voil\u00e0 dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voil\u00e0 is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.\n"}], "lastModified": "2024-04-04T12:48:41.700", "sourceIdentifier": "security-advisories@github.com"}