Vulnerabilities > CVE-2022-45175 - Authorization Bypass Through User-Controlled Key vulnerability in Liveboxcloud Vdesk
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |