CVE-2020-13451

Description

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.

Affected Software
References

Software	From	Fixed in
thecodingmachine / gotenberg	-	6.2.1.x

http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html
https://github.com/thecodingmachine/gotenberg/issues/199

Severity: Critical

CVE: CVE-2020-13451
Published: Jan 7, 2021
Updated: Apr 13, 2023
Exploit:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-459

CVE-2020-13451

Description

Details

CVSS v3

CVSS v2

CWEs