Vulnerabilities > CVE-2020-13451 - Incomplete Cleanup vulnerability in Thecodingmachine Gotenberg
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html
- https://github.com/thecodingmachine/gotenberg/issues/199
- http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html
- https://github.com/thecodingmachine/gotenberg/issues/199