The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5661-1 advisory.

    It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into     opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary     macros. (CVE-2022-26305)

    It was discovered that Libreoffice incorrectly handled encrypting the master key provided by the user for     storing passwords for web connections. A local attacker could possibly use this issue to obtain access to     passwords stored in the user's configuration data. (CVE-2022-26306, CVE-2022-26307)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 LTS : LibreOffice vulnerabilities (USN-5661-1)

high Nessus Plugin ID 165731

Version 1.7

Version 1.6

Version 1.5

Version 1.5

Version 1.4

Version 1.3

Version 1.7 Aug 28, 2024, 11:02 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408282302
Version 1.6 Jul 11, 2023, 4:01 AM Detection Plugin Feed: 202307110401
Version 1.5 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.5 Jul 11, 2023, 1:48 AM Detection Plugin Feed: 202307110148
Version 1.4 Dec 1, 2022, 4:17 PM CVSS metrics ("CVSSv2 score" changed from "4.0" to "9.0") CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N" to "CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C") CVSSv2 severity (based on CVE-2022-26307, severity increased from "Medium" to "High") Plugin Feed: 202212011617
Version 1.3 Oct 18, 2022, 10:07 AM IAVM reference Plugin Feed: 202210181007