CVE-2024-37311 HIGH

CVE-2024-37311: Collabora Online's remote host TLS certificates are not fully verified

Vendor Collaboraonline
Product online
Weakness CWE-295
Published August 23, 2024
Last update August 23, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, HTTPS connections from coolwsd to other hosts may incompletely verify the remote host's certificate against the full chain of trust. This vulnerability is fixed in Collabora Online 24.04.4.3, 23.05.14.1, and 22.05.23.1.

Key dates

02 Disclosure timeline

August 23, 2024 CVE published
August 23, 2024 Record updated