Vulnerability Details : CVE-2022-48422
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.
Exploit prediction scoring system (EPSS) score for CVE-2022-48422
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~19%
CVSS scores for CVE-2022-48422
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
References for CVE-2022-48422
- https://forum.onlyoffice.com/t/security-hole-library-from-cwd/3302
  Security hole - library from cwd - Desktop editors - ONLYOFFICE (Exploit; Issue Tracking; Third Party Advisory)
Products affected by CVE-2022-48422
- cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*