LibreOffice < 6.2.7 / 6.3.x < 6.3.1 Directory Traversal (macOS)
Medium Nessus Plugin ID 129534
SynopsisAn application installed on the remote host is affected by a directory traversal vulnerability.
DescriptionThe version of LibreOffice installed on the remote macOS host is prior to 6.2.7 or 6.3.x prior to 6.3.1. It is, therefore, affected by a directory traversal vulnerability. This is due to a feature in LibreOffice which allows documents to specify pre-installed macros that can be executed on various script events. Only scripts under the 'share/Scripts/python' and /user/Scripts/python' sub-directories of the LibreOffice install should be accessible.
Previous protection to address CVE-2019-9852 to avoid a directory traversal attack was added, however this protection can be bypassed due to a flaw in how LibreOffice assembles the final script URL location. This flaw can be exploited to allow scripts in arbitrary locations on the file system to be executed.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to LibreOffice version 6.2.7, 6.3.1 or later.