What is CVE-2024-37311?

CVE-2024-37311 is a high-severity vulnerability in Collaboraonline Online, classified under Improper Certificate Validation. CVSS score: 8.2/10. Published 2024-08-23.

How severe is CVE-2024-37311?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Collaboraonline Online

CVE-2024-37311

Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full…

Vulnerability class: Improper Certificate Validation

EPSS: 0.001 (31.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Collaboraonline Online — versions >= 24.04.1.1, < 24.04.4.3, >= 23.05.0-1, < 23.05.14-1, < 22.05.23.1

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

https://github.com/CollaboraOnline/online/security/advisories/GHSA-hvhm-5c44-977x (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2024-37311?: CVE-2024-37311 is a high-severity vulnerability in Collaboraonline Online, classified under Improper Certificate Validation. CVSS score: 8.2/10. Published 2024-08-23.
How severe is CVE-2024-37311?: High severity. CVSS v3 base score is 8.2 out of 10.