Advisory 2024-03/01 LibreOffice Vulnerabilities
| Vulnerability types | Arbitrary code execution, improper access control, arbitrary script execution, arbitrary plugin execution |
| Severity factors | These vulnerabilities have CVSS severity ratings of 5.3 medium - 8.8 high for users who are affected. |
| Versions affected | FileCloud versions earlier than 23.232.1 are affected. |
| Version fixed | FileCloud version 23.232.1 and later |
Description
This advisory covers several LibreOffice security advisories that were published after version 7.4.1, the latest version on FileCloud prior to this upgrade. The security advisory address vulnerabilities associated with arbitrary code or plugin execution or improper access control.
Fix
FileCloud version 23.232.1.24856 upgrades LibreOffice to version 7.6.4, which does not include these vulnerabilities.
What you should do to fix this vulnerability
- If you are using FileCloud Server, we recommended that you update to the latest version, which is 23.232.1.24856 or greater.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.