CVE-2023-6186

High

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without…

Document Fdn.·CWE-281·Published 2023-12-11

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

305 chars

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

NVDen

305 chars

NVDes

340 chars

La validación insuficiente de permisos en las macros de The Document Foundation LibreOffice permite a un atacante ejecutar macros integradas sin previo aviso. En las versiones afectadas, LibreOffice admite hipervínculos con macros o destinos de comandos integrados similares que se pueden ejecutar cuando se activan sin advertir al usuario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.3	—	—	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H