NVD Vulnerability Detail

CVE-2020-12802

Summary	LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
Publication Date	June 9, 2020, 1:15 a.m.
Registration Date	Jan. 26, 2021, 11:51 a.m.
Last Update	Nov. 21, 2024, 2 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:libreoffice:libreoffice::::::::					6.4.4

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:31:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html	Mailing List Third Party Advisory
3	https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
4	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
5	https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802	Vendor Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html	Mailing List Third Party Advisory
7	https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802	Vendor Advisory
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
9	https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
10	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html	Mailing List Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

LibreOffice における情報漏えいに関する脆弱性

Title	LibreOffice における情報漏えいに関する脆弱性
Summary	LibreOffice には、情報漏えいに関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 8, 2020, midnight
Registration Date	July 9, 2020, 11:03 a.m.
Last Update	July 9, 2020, 11:03 a.m.

Affected System

The Document Foundation

LibreOffice 6.4.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-12802	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12802
LibreOffice
2	CVE-2020-12802	https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
National Vulnerability Database (NVD)
3	CVE-2020-12802	https://nvd.nist.gov/vuln/detail/CVE-2020-12802

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

Change Log

No	Changed Details	Date of change
1	[2020年07月09日] 掲載	July 9, 2020, 11:03 a.m.