Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Vulnerability Description
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
LibreOffice 信息泄露漏洞
Vulnerability Description
LibreOffice是The Document基金会的一套开源的办公软件套件。 LibreOffice 24.8至24.8.4之前版本存在信息泄露漏洞,该漏洞源于环境变量和INI文件值的不当暴露,可能导致打开文档时敏感信息被泄露给远程服务器。
CVSS Information
N/A
Vulnerability Type
N/A