CVE-2024-30265

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-30265

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30265.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-30265

Aliases

GHSA-2q59-h24c-w6fg

Published

2024-04-03T22:55:20.202Z

Modified

2025-11-20T12:26:22.706445Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Voilà Local file inclusion

Details

Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.

Database specific

{
    "cwe_ids": [
        "CWE-73"
    ]
}

References

Affected packages

Git / github.com/voila-dashboards/voila

Affected ranges

Type

GIT

Repo

https://github.com/voila-dashboards/voila

Events

Introduced

0bed97f2b50b7ce4171a5bb396000b61bd090d3e

Fixed

e1cbe23ffdf6ae2a4693dcb775977050935b198c

Database specific

{
    "versions": [
        {
            "introduced": "0.0.2"
        },
        {
            "fixed": "0.2.17"
        }
    ]
}

Type

GIT

Repo

https://github.com/voila-dashboards/voila

Events

Introduced

41d4ba97db594eaf49e73bc2a729b3f82262bd74

Fixed

b2dda83bacc4d75e5502619d45cbc789fc17f421

Database specific

{
    "versions": [
        {
            "introduced": "0.3.0a0"
        },
        {
            "fixed": "0.3.8"
        }
    ]
}

Type

GIT

Repo

https://github.com/voila-dashboards/voila

Events

Introduced

0f31ffc988ac2692b4dc3d1a4c8ea5988c5bf883

Fixed

68f422f3f4d21eeea1300e640edd18176c8d5112

Database specific

{
    "versions": [
        {
            "introduced": "0.4.0a0"
        },
        {
            "fixed": "0.4.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/voila-dashboards/voila

Events

Introduced

556c91edd92b2e555c4600642426a1f808c0fb83

Fixed

110d6bc3069a46c806d3b82a12d3f2079c3c4a5e

Database specific

{
    "versions": [
        {
            "introduced": "0.5.0a0"
        },
        {
            "fixed": "0.5.6"
        }
    ]
}

Affected versions

0.*

0.0.10

0.0.11

0.0.12

0.0.13

0.0.14

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.16

0.1.17

0.1.18

0.1.19

0.1.2

0.1.20

0.1.21

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0

0.2.0a0

0.2.0a1

0.2.0a2

0.2.0a3

0.2.0b0

0.2.0b1

0.2.1

0.2.10

0.2.11

0.2.12

0.2.15

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

@voila-dashboards/jupyterlab-preview@2.*

@voila-dashboards/jupyterlab-preview@2.0.5

@voila-dashboards/jupyterlab-preview@2.0.6

@voila-dashboards/jupyterlab-preview@2.0.7

@voila-dashboards/jupyterlab-preview@2.1.0

@voila-dashboards/jupyterlab-preview@2.1.0-beta.0

@voila-dashboards/jupyterlab-preview@2.1.0-rc.0

@voila-dashboards/jupyterlab-preview@2.1.1

@voila-dashboards/jupyterlab-preview@2.1.2

@voila-dashboards/jupyterlab-preview@2.1.3

@voila-dashboards/jupyterlab-preview@2.1.4

@voila-dashboards/jupyterlab-preview@2.1.5

@voila-dashboards/jupyterlab-preview@2.1.6

@voila-dashboards/jupyterlab-preview@2.2.0

@voila-dashboards/jupyterlab-preview@2.2.0-beta.0

@voila-dashboards/jupyterlab-preview@2.2.0-rc.0

@voila-dashboards/jupyterlab-preview@2.2.0-rc.1

@voila-dashboards/jupyterlab-preview@2.3.0

@voila-dashboards/jupyterlab-preview@2.3.0-beta.0

@voila-dashboards/jupyterlab-preview@2.3.0-beta.1

@voila-dashboards/jupyterlab-preview@2.3.0-rc.0

@voila-dashboards/jupyterlab-preview@2.3.1

@voila-dashboards/jupyterlab-preview@2.3.2

@voila-dashboards/jupyterlab-preview@2.3.3

@voila-dashboards/jupyterlab-preview@2.3.4

@voila-dashboards/jupyterlab-preview@2.3.5

@voila-dashboards/voila@0.*

@voila-dashboards/voila@0.2.13

@voila-dashboards/voila@0.2.14

@voila-dashboards/voila@0.2.16

@voila-dashboards/voila@0.3.0

@voila-dashboards/voila@0.3.0-beta.0

@voila-dashboards/voila@0.3.0-rc.0

@voila-dashboards/voila@0.3.1

@voila-dashboards/voila@0.3.2

@voila-dashboards/voila@0.3.3

@voila-dashboards/voila@0.3.4

@voila-dashboards/voila@0.3.5

@voila-dashboards/voila@0.3.6

@voila-dashboards/voila@0.4.0

@voila-dashboards/voila@0.4.0-beta.0

@voila-dashboards/voila@0.4.0-rc.0

@voila-dashboards/voila@0.4.0-rc.1

@voila-dashboards/voila@0.5.0

@voila-dashboards/voila@0.5.0-beta.0

@voila-dashboards/voila@0.5.0-beta.1

@voila-dashboards/voila@0.5.0-rc.0

@voila-dashboards/voila@0.5.1

@voila-dashboards/voila@0.5.2

@voila-dashboards/voila@0.5.3

@voila-dashboards/voila@0.5.4

@voila-dashboards/voila@0.5.5

v0.*

v0.2.13

v0.2.14

v0.2.16

v0.3.0

v0.3.0b0

v0.3.0rc0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.4.0

v0.4.0b0

v0.4.0rc0

v0.4.0rc1

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.5.0b0

v0.5.0b1

v0.5.0rc0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5