First published: Mon Jan 23 2023(Updated: )
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Onlyoffice Server | <=7.0.0.49 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-43445 is critical with a score of 9.8.
CVE-2021-43445 affects all versions of ONLYOFFICE as of 2021-11-08.
The vulnerability in CVE-2021-43445 is Incorrect Access Control.
An attacker can authenticate with the web socket service of the ONLYOFFICE document editor using a default JWT signing key.
Yes, updating ONLYOFFICE to a version higher than 7.0.0.49 will fix the issue.