What is the severity of CVE-2024-25114?

CVE-2024-25114 is categorized as a high-severity vulnerability affecting specific versions of Collabora Online.

How do I fix CVE-2024-25114?

To mitigate CVE-2024-25114, upgrade to a patched version of Collabora Online that addresses this vulnerability.

What versions of Collabora Online are affected by CVE-2024-25114?

Collabora Online versions up to 23.05.9, 22.05.22, and 21.11.10 are affected by CVE-2024-25114.

What is the impact of CVE-2024-25114?

CVE-2024-25114 may allow unauthorized access or manipulation of documents in Collabora Online.

Is there any workaround for CVE-2024-25114?

Currently, there are no documented workarounds for CVE-2024-25114; upgrading is the recommended action.

Vulnerability/
CVE-2024-25114

medium

5.3

CWE

200

EPSS

0.043%

11/3/2024

27/2/2025

CVE-2024-25114: Sensitive Information Disclosure (JailID) to users in Collabora Online

First published: Mon Mar 11 2024(Updated: )

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Collabora Office Online	<23.05.9
Collabora Office Online	<22.05.22
Collabora Office Online	<21.11.10
Collabora Office Online	<21.11.9.4
Collabora Office Online	>=22.05.0<22.05.22
Collabora Office Online	>=23.05.0<23.05.9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-25114?
CVE-2024-25114 is categorized as a high-severity vulnerability affecting specific versions of Collabora Online.
How do I fix CVE-2024-25114?
To mitigate CVE-2024-25114, upgrade to a patched version of Collabora Online that addresses this vulnerability.
What versions of Collabora Online are affected by CVE-2024-25114?
Collabora Online versions up to 23.05.9, 22.05.22, and 21.11.10 are affected by CVE-2024-25114.
What is the impact of CVE-2024-25114?
CVE-2024-25114 may allow unauthorized access or manipulation of documents in Collabora Online.
Is there any workaround for CVE-2024-25114?
Currently, there are no documented workarounds for CVE-2024-25114; upgrading is the recommended action.

agent/references
agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/event
collector/nvd-api
source/NVD
vendor/collabora
canonical/collabora office online
version/collabora office online/22.05.0
version/collabora office online/23.05.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.