CVE-2024-30265— Voilà Local file inclusion

CVSS 7.5 · High EPSS 0.24% · P46 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-30265

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Voilà Local file inclusion

Source: NVD (National Vulnerability Database)

Vulnerability Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

文件名或路径的外部可控制

Source: NVD (National Vulnerability Database)

Vulnerability Title

Collabora Online 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Collabora Online是英国Collabora公司的一个应用软件。一个强大的基于 LibreOffice 的在线办公室，支持所有主要的文档、电子表格和演示文件格式。 Collabora Online 0.0.2及更高版本存在安全漏洞，该漏洞源于存在本地文件包含漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
voila-dashboards	voila	>= 0.0.2, < 0.2.17	-

II. Public POCs for CVE-2024-30265

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-30265

请登录查看更多情报信息。

https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fgx_refsource_CONFIRM
https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67x_refsource_MISC
https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504x_refsource_MISC
https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52x_refsource_MISC
https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2x_refsource_MISC
https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2024-30265

IV. Related Vulnerabilities

Same weakness: CWE-73

V. Comments for CVE-2024-30265

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-30265— Voilà Local file inclusion

I. Basic Information for CVE-2024-30265

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-30265

III. Intelligence Information for CVE-2024-30265

IV. Related Vulnerabilities

V. Comments for CVE-2024-30265

Leave a comment