CVE-2022-45175 - Authorization Bypass Through User-Controlled Key vulnerability in Liveboxcloud Vdesk 018

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
CWE-639

Summary

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE}/c/{N}/{C}/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.

Vulnerable Configurations

Part         Description   Count
Application  Liveboxcloud  2