CVE-2021-43445
Published on: Not Yet Published
Last Modified on: 01/23/2023 05:17:00 PM UTC
The following vulnerability was found:
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.
- CVE-2021-43445 has been assigned by
[email protected] to track the vulnerability
CVE References
Description | Tags ⓘ | Link |
---|---|---|
ONLYOFFICE - Online Office for business | ONLYOFFICE | www.onlyoffice.com application/x-wine-extension-ini |
![]() |
Remote Code Execution in ONLYOFFICE - Nettitude Labs | labs.nettitude.com text/html |
![]() |
GitHub - ONLYOFFICE/server: The backend server software layer which is the part of ONLYOFFICE Document Server and is the base for all other components | github.com text/html |
![]() |
There are currently no QIDs associated with this CVE
There are no known software configurations (CPEs) currently associated with this CVE
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-43445 : ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can… twitter.com/i/web/status/1… | 2023-01-23 15:24:17 |
![]() |
CVE-2021-43445 | 2023-01-23 16:40:15 |