CVE-2020-12432

CVSS V2 Medium 4.3 CVSS V3 Medium 6.1
Description
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.
Overview
  • CVE ID
  • CVE-2020-12432
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-07-21T14:15:14
  • Last Modified Date
  • 2020-07-24T18:39:53
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:collaboraoffice:collabora_online_development_edition:*:*:*:*:*:*:*:* 1 OR 4.2.2
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
References
Reference URL Reference Tags
https://github.com/d7x/CVE-2020-12432 Exploit Third Party Advisory
https://www.youtube.com/watch?v=_tkRnSr6yc0 Exploit Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-12432
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12432
History
Created Old Value New Value Data Type Notes
2022-05-10 16:39:50 Added to TrackCVE
2022-12-04 20:05:00 2020-07-21T14:15Z 2020-07-21T14:15:14 CVE Published Date updated
2022-12-04 20:05:00 2020-07-24T18:39:53 CVE Modified Date updated
2022-12-04 20:05:01 Analyzed Vulnerability Status updated