漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
The same file cannot be opened with different rights
Vulnerability Description
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
Collabora Online 安全漏洞
Vulnerability Description
Collabora Online是英国Collabora公司的一个应用软件。一个强大的基于 LibreOffice 的在线办公室,支持所有主要的文档、电子表格和演示文件格式。 Collabora Online 1.0至1.3之前版本存在安全漏洞,该漏洞源于存在权限配置错误问题,导致不能使用不同的权限打开同一个文件。
CVSS Information
N/A
Vulnerability Type
N/A