CVE-2020-13451

Critical

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice…

mitre·CWE-459·Published 2021-01-07

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

196 chars

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.

NVDen

196 chars

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.

Una vulnerabilidad de saneamiento incompleto en el motor de renderizado de Office de Gotenberg versiones hasta 6.2.1, permite a un atacante sobrescribir los archivos de configuración de LibreOffice y ejecutar código arbitrario por medio de macros

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H