The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5694-1 advisory.

    It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were     tricked into opening a specially crafted document, a remote attacker could use this issue to execute     arbitrary scripts. (CVE-2022-3140)

    Thomas Florian discovered that LibreOffice incorrectly handled crashes when an encrypted document is open.
    If the document is recovered upon restarting LibreOffice, subsequent saves of the document were     unencrypted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12801)

    Jens Mller discovered that LibreOffice incorrectly handled certain documents containing forms. If a user     were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files     when the form was submitted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12803)

    It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into     opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary     macros. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-26305)

    It was discovered that Libreoffice incorrectly handled encrypting the master key provided by the user for     storing passwords for web connections. A local attacker could possibly use this issue to obtain access to     passwords stored in the users configuration data. This issue only affected Ubuntu 18.04 LTS.
    (CVE-2022-26306, CVE-2022-26307)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-5694-1)

high Nessus Plugin ID 166339

Version 1.7

Version 1.6

Version 1.5

Version 1.5

Version 1.4

Version 1.2

Version 1.7 Aug 28, 2024, 11:02 PM Detection (updated detection logic) Plugin metadata CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin Feed: 202408282302
Version 1.6 Jul 11, 2023, 4:01 AM Detection Plugin Feed: 202307110401
Version 1.5 Jun 1, 2023, 2:11 PM IAVM reference Plugin Feed: 202306011411
Version 1.5 Jul 11, 2023, 1:48 AM Detection Plugin Feed: 202307110148
Version 1.4 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.2 Oct 20, 2022, 11:50 PM New Plugin Feed: 202210202350