CVE-2020-12802

MEDIUM

LibreOffice <6.4.4 - Info Disclosure

Title source: llm

Description

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.

References (5)

Core 5

Core References

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html

Vendor Advisory

https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802

Scores

CVSS v3 5.3

EPSS 0.0041

EPSS Percentile 61.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (4)

fedoraproject/fedora 31

libreoffice/libreoffice < 6.4.4

opensuse/leap 15.1

opensuse/leap 15.2

Published Jun 08, 2020

Tracked Since Feb 18, 2026