CVE-2024-37311: Collabora Online's remote host TLS certificates are not fully verified
First published: Fri Aug 23 2024(Updated: )
Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is fixed in Collabora Online 24.04.4.3, 23.05.14.1, and 22.05.23.1.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Collabora Office Online | <24.04.4.3<23.05.14.1<22.05.23.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-37311?
CVE-2024-37311 has been classified as a medium-severity vulnerability.
How do I fix CVE-2024-37311?
To mitigate CVE-2024-37311, update Collabora Online to version 24.04.4.3 or later.
Which versions of Collabora Online are affected by CVE-2024-37311?
CVE-2024-37311 affects Collabora Online versions prior to 24.04.4.3, 23.05.14.1, and 22.05.23.1.
What type of vulnerability is CVE-2024-37311?
CVE-2024-37311 is a security vulnerability related to incomplete SSL certificate verification.
Is there a public advisory for CVE-2024-37311?
Yes, the public advisory for CVE-2024-37311 is available on the GitHub security advisories page.
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/collabora
- canonical/collabora office online