high
7.4
CWE
276
Advisory Published
Updated

CVE-2023-46743: The same file cannot be opened with different rights

First published: Thu Nov 09 2023(Updated: )

application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3.

Credit: security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
<1.3

Remedy

https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2023-46743?

    CVE-2023-46743 is a vulnerability in the XWiki Application-collabora, where the same file cannot be opened with different rights.

  • How does CVE-2023-46743 affect XWiki Application-collabora?

    CVE-2023-46743 affects XWiki Application-collabora by preventing users from opening the same file with different rights. For example, they should be able to open office attachment files in either view or edit mode.

  • What is the severity of CVE-2023-46743?

    The severity of CVE-2023-46743 is high with a CVSS score of 7.4.

  • How can I fix CVE-2023-46743 in XWiki Application-collabora?

    To fix CVE-2023-46743 in XWiki Application-collabora, update to a version higher than 1.3.

  • Where can I find more information about CVE-2023-46743?

    You can find more information about CVE-2023-46743 in the GitHub Security Advisory: [https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57](https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203