CVE-2022-26306

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-26306

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26306.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-26306

Related

Published

2022-07-25T15:15:09Z

Modified

2024-09-18T03:12:24.442525Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

References

Affected packages

Debian:11 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.0.4-4+deb11u2

Affected versions

1:7.*

1:7.0.4-4

1:7.0.4-4+deb11u1~bpo10+1

1:7.0.4-4+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.3.3~rc1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.3.3~rc1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}