CVE-2023-1183

Public on 2023-06-21
Modified on 2024-02-07
Description
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 hsqldb Pending Fix
Amazon Linux 2 - Core hsqldb 2024-05-23 ALAS2-2024-2557 Fixed
Amazon Linux 2 - Libreoffice Extra libreoffice 2023-08-07 ALAS2LIBREOFFICE-2023-001 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
NVD CVSSv3 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N