CVE-2023-46743

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 9, 2023

Updated: Nov 17, 2023

CWE ID 276

Summary

CVE-2023-46743 is a vulnerability affecting the application-collabora integration of Collabora Online in XWiki. It allows users to preserve edit rights on office attachment files beyond their authorized access level, even when other users have only view rights. This issue arises due to the caching of the `userCanWrite` query parameter in the Collabora server, which persists even when the editing session is closed or when the user token changes. This vulnerability has been addressed in version 1.3 of the application.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tIwY-p
https://www.cve.org/CVERecord?id=CVE-2023-46743
https://nvd.nist.gov/vuln/detail/CVE-2023-46743

Back to Vulnerability Database

CVE-2023-46743

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations