ID CVE-2022-45175
Summary An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.
References
Vulnerable Configurations
  • cpe:2.3:a:liveboxcloud:vdesk:-:*:*:*:*:*:*:*
    cpe:2.3:a:liveboxcloud:vdesk:-:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-639
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 19-04-2023 - 19:28
Published 14-04-2023 - 14:15
Last modified 19-04-2023 - 19:28
Back to Top