LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libreoffice: Weak Master Keys (CVE-2022-26307)

  - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was     signed by a trusted author was done by only matching the serial number and issuer string of the used     certificate with that of a trusted certificate. This is not sufficient to verify that the macro was     actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a     serial number and an issuer string identical to a trusted certificate which LibreOffice would present as     belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in     macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to     7.2.7; 7.3 versions prior to 7.3.1. (CVE-2022-26305)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where the required initialization vector for encryption was always the same which weakens the     security of the encryption making them vulnerable if an attacker has access to the user's configuration     data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.1. (CVE-2022-26306)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0089 advisory.

  - libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305)

  - libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing     the Master Password (CVE-2022-26306)

  - libreoffice: Weak Master Keys (CVE-2022-26307)

  - libreoffice: Macro URL arbitrary script execution (CVE-2022-3140)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0089 advisory.

  - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was     signed by a trusted author was done by only matching the serial number and issuer string of the used     certificate with that of a trusted certificate. This is not sufficient to verify that the macro was     actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a     serial number and an issuer string identical to a trusted certificate which LibreOffice would present as     belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in     macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to     7.2.7; 7.3 versions prior to 7.3.1. (CVE-2022-26305)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where the required initialization vector for encryption was always the same which weakens the     security of the encryption making them vulnerable if an attacker has access to the user's configuration     data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.1. (CVE-2022-26306)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making     the stored passwords vulerable to a brute force attack if an attacker has access to the users stored     config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.3. (CVE-2022-26307)

  - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint     server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected     versions of LibreOffice links using that scheme could be constructed to call internal macros with     arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary     script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions     prior to 7.4.1; 7.3 versions prior to 7.3.6. (CVE-2022-3140)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0304 advisory.

  - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was     signed by a trusted author was done by only matching the serial number and issuer string of the used     certificate with that of a trusted certificate. This is not sufficient to verify that the macro was     actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a     serial number and an issuer string identical to a trusted certificate which LibreOffice would present as     belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in     macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to     7.2.7; 7.3 versions prior to 7.3.1. (CVE-2022-26305)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where the required initialization vector for encryption was always the same which weakens the     security of the encryption making them vulnerable if an attacker has access to the user's configuration     data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.1. (CVE-2022-26306)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making     the stored passwords vulerable to a brute force attack if an attacker has access to the users stored     config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.3. (CVE-2022-26307)

  - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint     server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected     versions of LibreOffice links using that scheme could be constructed to call internal macros with     arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary     script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions     prior to 7.4.1; 7.3 versions prior to 7.3.6. (CVE-2022-3140)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3368 advisory.

  - LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual     aids that no alteration of the document occurred since the last signing and that the signature is valid.
    An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally     signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the     document to contain both X509Data and KeyValue children of the KeyInfo tag, which when opened caused     LibreOffice to verify using the KeyValue but to report verification with the unrelated X509Data value.
    This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5. (CVE-2021-25636)

  - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was     signed by a trusted author was done by only matching the serial number and issuer string of the used     certificate with that of a trusted certificate. This is not sufficient to verify that the macro was     actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a     serial number and an issuer string identical to a trusted certificate which LibreOffice would present as     belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in     macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to     7.2.7; 7.3 versions prior to 7.3.1. (CVE-2022-26305)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where the required initialization vector for encryption was always the same which weakens the     security of the encryption making them vulnerable if an attacker has access to the user's configuration     data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.1. (CVE-2022-26306)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making     the stored passwords vulerable to a brute force attack if an attacker has access to the users stored     config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.3. (CVE-2022-26307)

  - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint     server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected     versions of LibreOffice links using that scheme could be constructed to call internal macros with     arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary     script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions     prior to 7.4.1; 7.3 versions prior to 7.3.6. (CVE-2022-3140)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0304 advisory.

  - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint     server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected     versions of LibreOffice links using that scheme could be constructed to call internal macros with     arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary     script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions     prior to 7.4.1; 7.3 versions prior to 7.3.6. (CVE-2022-3140)

  - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was     signed by a trusted author was done by only matching the serial number and issuer string of the used     certificate with that of a trusted certificate. This is not sufficient to verify that the macro was     actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a     serial number and an issuer string identical to a trusted certificate which LibreOffice would present as     belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in     macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to     7.2.7; 7.3 versions prior to 7.3.1. (CVE-2022-26305)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where the required initialization vector for encryption was always the same which weakens the     security of the encryption making them vulnerable if an attacker has access to the user's configuration     data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.1. (CVE-2022-26306)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making     the stored passwords vulerable to a brute force attack if an attacker has access to the users stored     config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.3. (CVE-2022-26307)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0304 advisory.

    [7.1.8.1-8.0.1]
    - Replace colors with Oracle colors [Orabug: 32120093]
    - Build with --with-vendor='Oracle America, Inc.'
    - Added the --with-hamcrest option to configure.

    [1:7.1.8.1-8]
    - Resolves: rhbz#2134759 Untrusted Macros
    - Resolves: rhbz#2134757 Weak Master Keys
    - Resolves: rhbz#2134755 Static Initialization Vector
    - Resolves: rhbz#2134761 Macro URL arbitrary script execution

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: Macro URL arbitrary script execution (CVE-2022-3140)

    * libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305)

    * libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without     Knowing the Master Password (CVE-2022-26306)

    * libreoffice: Weak Master Keys (CVE-2022-26307)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0089 advisory.

    - Resolves: rhbz#2134752 CVE-2022-26305 Untrusted Macros
    - Resolves: rhbz#2134751 CVE-2022-26307 Weak Master Keys
    - Resolves: rhbz#2134750 CVE-2022-26306 Static Initialization Vector

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0089 advisory.

  - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint     server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected     versions of LibreOffice links using that scheme could be constructed to call internal macros with     arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary     script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions     prior to 7.4.1; 7.3 versions prior to 7.3.6. (CVE-2022-3140)

  - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was     signed by a trusted author was done by only matching the serial number and issuer string of the used     certificate with that of a trusted certificate. This is not sufficient to verify that the macro was     actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a     serial number and an issuer string identical to a trusted certificate which LibreOffice would present as     belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in     macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to     7.2.7; 7.3 versions prior to 7.3.1. (CVE-2022-26305)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where the required initialization vector for encryption was always the same which weakens the     security of the encryption making them vulnerable if an attacker has access to the user's configuration     data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.1. (CVE-2022-26306)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database.
    The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice     existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making     the stored passwords vulerable to a brute force attack if an attacker has access to the users stored     config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions     prior to 7.3.3. (CVE-2022-26307)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0089 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: Macro URL arbitrary script execution (CVE-2022-3140)

    * libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305)

    * libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without     Knowing the Master Password (CVE-2022-26306)

    * libreoffice: Weak Master Keys (CVE-2022-26307)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5694-1 advisory.

    It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were     tricked into opening a specially crafted document, a remote attacker could use this issue to execute     arbitrary scripts. (CVE-2022-3140)

    Thomas Florian discovered that LibreOffice incorrectly handled crashes when an encrypted document is open.
    If the document is recovered upon restarting LibreOffice, subsequent saves of the document were     unencrypted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12801)

    Jens Mller discovered that LibreOffice incorrectly handled certain documents containing forms. If a user     were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files     when the form was submitted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12803)

    It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into     opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary     macros. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-26305)

    It was discovered that Libreoffice incorrectly handled encrypting the master key provided by the user for     storing passwords for web connections. A local attacker could possibly use this issue to obtain access to     passwords stored in the users configuration data. This issue only affected Ubuntu 18.04 LTS.
    (CVE-2022-26306, CVE-2022-26307)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5661-1 advisory.

    It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into     opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary     macros. (CVE-2022-26305)

    It was discovered that Libreoffice incorrectly handled encrypting the master key provided by the user for     storing passwords for web connections. A local attacker could possibly use this issue to obtain access to     passwords stored in the user's configuration data. (CVE-2022-26306, CVE-2022-26307)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the LibreOffice application running on the remote host is prior to 7.2.7 or 7.3.3. It is, therefore, affected by multiple vulnerabilities:
  - LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored     passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the     required initialization vector for encryption was always the same which weakens the security of the encryption     making them vulnerable if an attacker has access to the user's configuration data.  (CVE-2022-26306)

  - LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored   passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master   key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable   to a brute force attack if an attacker has access to the users stored config. (CVE-2022-26307)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
199599	RHEL 8 : flatpak_libreoffice (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
190177	CentOS 8 : libreoffice (CESA-2023:0089)	Nessus	CentOS Local Security Checks	high
184844	Rocky Linux 8 : libreoffice (RLSA-2023:0089)	Nessus	Rocky Linux Local Security Checks	high
184528	Rocky Linux 9 : libreoffice (RLSA-2023:0304)	Nessus	Rocky Linux Local Security Checks	high
173416	Debian DLA-3368-1 : libreoffice - LTS security update	Nessus	Debian Local Security Checks	high
170575	AlmaLinux 9 : libreoffice (ALSA-2023:0304)	Nessus	Alma Linux Local Security Checks	high
170516	Oracle Linux 9 : libreoffice (ELSA-2023-0304)	Nessus	Oracle Linux Local Security Checks	high
170427	RHEL 9 : libreoffice (RHSA-2023:0304)	Nessus	Red Hat Local Security Checks	high
170117	Oracle Linux 8 : libreoffice (ELSA-2023-0089)	Nessus	Oracle Linux Local Security Checks	high
170049	AlmaLinux 8 : libreoffice (ALSA-2023:0089)	Nessus	Alma Linux Local Security Checks	high
169961	RHEL 8 : libreoffice (RHSA-2023:0089)	Nessus	Red Hat Local Security Checks	high
166339	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-5694-1)	Nessus	Ubuntu Local Security Checks	high
165731	Ubuntu 20.04 LTS : LibreOffice vulnerabilities (USN-5661-1)	Nessus	Ubuntu Local Security Checks	high
163764	LibreOffice < 7.2.7 / 7.3 < 7.3.3 Multiple Vulnerabilities (Windows)	Nessus	Windows	high
163763	LibreOffice < 7.2.7 / 7.3 < 7.3.3 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2022-26306

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high