Search criteria
2 vulnerabilities found for voila by voila-dashboards
CVE-2024-30265 (GCVE-0-2024-30265)
Vulnerability from nvd – Published: 2024-04-03 22:55 – Updated: 2024-08-02 01:32
VLAI?
Title
Voilà Local file inclusion
Summary
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
Severity ?
7.5 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| voila-dashboards | voila |
Affected:
>= 0.0.2, < 0.2.17
Affected: >= 0.3.0a0, < 0.3.8 Affected: >= 0.4.0a0, < 0.4.4 Affected: >= 0.5.0a0, < 0.5.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T16:07:37.511255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:46.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:06.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "voila",
"vendor": "voila-dashboards",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.0.2, \u003c 0.2.17"
},
{
"status": "affected",
"version": "\u003e= 0.3.0a0, \u003c 0.3.8"
},
{
"status": "affected",
"version": "\u003e= 0.4.0a0, \u003c 0.4.4"
},
{
"status": "affected",
"version": "\u003e= 0.5.0a0, \u003c 0.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voil\u00e0 dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voil\u00e0 dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voil\u00e0 is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T22:55:20.202Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
}
],
"source": {
"advisory": "GHSA-2q59-h24c-w6fg",
"discovery": "UNKNOWN"
},
"title": "Voil\u00e0 Local file inclusion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-30265",
"datePublished": "2024-04-03T22:55:20.202Z",
"dateReserved": "2024-03-26T12:52:00.935Z",
"dateUpdated": "2024-08-02T01:32:06.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30265 (GCVE-0-2024-30265)
Vulnerability from cvelistv5 – Published: 2024-04-03 22:55 – Updated: 2024-08-02 01:32
VLAI?
Title
Voilà Local file inclusion
Summary
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
Severity ?
7.5 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| voila-dashboards | voila |
Affected:
>= 0.0.2, < 0.2.17
Affected: >= 0.3.0a0, < 0.3.8 Affected: >= 0.4.0a0, < 0.4.4 Affected: >= 0.5.0a0, < 0.5.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T16:07:37.511255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:46.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:06.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "voila",
"vendor": "voila-dashboards",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.0.2, \u003c 0.2.17"
},
{
"status": "affected",
"version": "\u003e= 0.3.0a0, \u003c 0.3.8"
},
{
"status": "affected",
"version": "\u003e= 0.4.0a0, \u003c 0.4.4"
},
{
"status": "affected",
"version": "\u003e= 0.5.0a0, \u003c 0.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voil\u00e0 dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voil\u00e0 dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voil\u00e0 is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T22:55:20.202Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
},
{
"name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
}
],
"source": {
"advisory": "GHSA-2q59-h24c-w6fg",
"discovery": "UNKNOWN"
},
"title": "Voil\u00e0 Local file inclusion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-30265",
"datePublished": "2024-04-03T22:55:20.202Z",
"dateReserved": "2024-03-26T12:52:00.935Z",
"dateUpdated": "2024-08-02T01:32:06.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}