CVE-2020-13958 — HIGH (7.8)

Q: How severe is CVE-2020-13958?

CVE-2020-13958 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-13958?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice.

Vulnerability Description

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Openoffice	>= 4.0.0, < 4.1.8

References

https://lists.apache.org/thread.html/r6b2f48cf6c4aad4ebd13f90033162276b0ccae63beMailing ListVendor Advisory
https://lists.apache.org/thread.html/r6b2f48cf6c4aad4ebd13f90033162276b0ccae63beMailing ListVendor Advisory

FAQ

What is CVE-2020-13958?

CVE-2020-13958 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be...

How severe is CVE-2020-13958?

CVE-2020-13958 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-13958?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice.