{"containers": {"cna": {"affected": [{"product": "LibreOffice", "vendor": "Document Foundation", "versions": [{"lessThan": "6.2.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue"}], "datePublic": "2019-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-06T13:06:10", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn."}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "DSA-4501", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4501"}, {"name": "FEDORA-2019-2fe22a3a2c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "USN-4102-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4102-1/"}, {"name": "openSUSE-SU-2019:2057", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "20190910 [SECURITY] [DSA 4519-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/17"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Insufficient URL encoding flaw in allowed script location check", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@documentfoundation.org", "DATE_PUBLIC": "2019-08-15T00:00:00.000Z", "ID": "CVE-2019-9852", "STATE": "PUBLIC", "TITLE": "Insufficient URL encoding flaw in allowed script location check"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibreOffice", "version": {"version_data": [{"version_affected": "<", "version_value": "6.2.6"}]}}]}, "vendor_name": "Document Foundation"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-116 Improper Encoding or Escaping of Output"}]}]}, "references": {"reference_data": [{"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852", "refsource": "MISC", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "DSA-4501", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4501"}, {"name": "FEDORA-2019-2fe22a3a2c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "USN-4102-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4102-1/"}, {"name": "openSUSE-SU-2019:2057", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "20190910 [SECURITY] [DSA 4519-1] libreoffice security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/17"}, {"name": "openSUSE-SU-2019:2183", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:01:54.996Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "DSA-4501", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4501"}, {"name": "FEDORA-2019-2fe22a3a2c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "USN-4102-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4102-1/"}, {"name": "openSUSE-SU-2019:2057", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "20190910 [SECURITY] [DSA 4519-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/17"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}]}]}, "cveMetadata": {"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2019-9852", "datePublished": "2019-08-15T21:40:18.556261Z", "dateReserved": "2019-03-17T00:00:00", "dateUpdated": "2024-09-17T03:42:47.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F74064-7FE4-4BB6-86BB-83AE52D38E87", "versionEndExcluding": "6.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."}, {"lang": "es", "value": "LibreOffice est\u00e1 com\u00fanmente incorporada con LibreLogo, un script de gr\u00e1ficos espec\u00edficos turtle programables, lo que puede ejecutar comandos arbitrarios de python contenidos con el documento desde que se inicia. Se agreg\u00f3 protecci\u00f3n, para abordar el CVE-2019-9848, para bloquear las llamadas a LibreLogo desde los manejadores de script de eventos de documentos, p. ej. mouse over. Sin embargo, LibreOffice tambi\u00e9n presenta una funcionalidad separada en la que los documentos pueden especificar que los scripts preinstalados pueden ser ejecutados en varios eventos de script globales, tales como document-open, etc. Este problema afecta: Document Foundation LibreOffice versiones anteriores a 6.2.6"}], "id": "CVE-2019-9852", "lastModified": "2024-11-21T04:52:26.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-15T22:15:22.350", "references": [{"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}, {"source": "security@documentfoundation.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"source": "security@documentfoundation.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/17"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4102-1/"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4501"}, {"source": "security@documentfoundation.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4102-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "security@documentfoundation.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1151", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreoffice-1:5.3.6.1-24.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1598", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.0.6.1-20.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Insufficient URL encoding flaw in allowed script location check", "id": "1744868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744868"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-22", "details": ["LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."], "name": "CVE-2019-9852", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-08-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-9852\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9852\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"], "threat_severity": "Moderate", "upstream_fix": "LibreOffice 6.2.6, LibreOffice 6.3.0"}