LibreOffice < 6.2.7 / 6.3.x < 6.3.1 Directory Traversal (macOS)

high Nessus Plugin ID 129534

Synopsis

An application installed on the remote host is affected by a directory traversal vulnerability.

Description

The version of LibreOffice installed on the remote macOS host is prior to 6.2.7 or 6.3.x prior to 6.3.1. It is, therefore, affected by a directory traversal vulnerability. This is due to a feature in LibreOffice which allows documents to specify pre-installed macros that can be executed on various script events. Only scripts under the 'share/Scripts/python' and /user/Scripts/python' sub-directories of the LibreOffice install should be accessible.
Previous protection to address CVE-2019-9852 to avoid a directory traversal attack was added, however this protection can be bypassed due to a flaw in how LibreOffice assembles the final script URL location. This flaw can be exploited to allow scripts in arbitrary locations on the file system to be executed.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LibreOffice version 6.2.7, 6.3.1 or later.

See Also

http://www.nessus.org/u?43a121e2

Plugin Details

Severity: High

ID: 129534

File Name: macos_libreoffice_631.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 10/3/2019

Updated: 8/16/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9854

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: Host/MacOSX/Version, installed_sw/LibreOffice

Exploit Ease: No known exploits are available

Patch Publication Date: 9/6/2019

Vulnerability Publication Date: 9/6/2019

Reference Information

CVE: CVE-2019-9854

IAVB: 2019-B-0078-S