Vulnerability Details : CVE-2020-12802
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
Vulnerability category: Information leak
Products affected by CVE-2020-12802
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-12802
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-12802
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2020-12802
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: security@documentfoundation.org (Secondary)
References for CVE-2020-12802
-
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html
[security-announce] openSUSE-SU-2020:1222-1: moderate: Security update fMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
[SECURITY] [DLA 3703-1] libreoffice security update
-
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
CVE-2020-12802 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with MicrosoftVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html
[security-announce] openSUSE-SU-2020:1261-1: moderate: Security update fMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
[SECURITY] Fedora 31 Update: libreoffice-6.3.6.2-4.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
[SECURITY] Fedora 31 Update: libreoffice-6.3.6.2-4.fc31 - package-announce - Fedora Mailing-Lists
Jump to