Collabora Online Remote Code Execution Vulnerability in Document Jail with Macros Enabled

Vulnerability

A remote code execution vulnerability exists in Collabora Online versions prior to 24.04.12.4, 23.05.19, and 22.05.25. When macro support is enabled, macros can execute binaries. The vulnerability arises from the combination of a macro-enabled Collabora Online instance and executables hosted on the local network, which the net.lok_allow configuration permits the instance to reach. Arbitrary binaries could be installed and executed within the document jail, bypassing network host restrictions and potentially facilitating further exploitation.

Impact

Exploitation allows for the execution of arbitrary binaries within the Collabora Online document jail, where the executed files can bypass certain network restrictions, creating opportunities for additional exploitation.

Remediation

Users can update to Collabora Online versions 24.04.12.4, 23.05.19, or 22.05.25 or later, where the vulnerability is patched. If macros are enabled, they can be disabled by setting 'enable_macros_execution' to 'false' in the 'coolwsd.xml' configuration file.
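The following is an added check script, not part of the advisory or of the Collabora Online project. It combines the two facts the remediation relies on: the fixed version per release branch, and the state of the enable_macros_execution switch in coolwsd.xml. The nesting of that element inside coolwsd.xml is assumed (the lookup is done anywhere in the tree so it does not depend on it), and branches the advisory does not list are treated as vulnerable as a conservative assumption; the sample configuration is constructed for the demonstration.

```python
"""
Added check script (not part of the advisory): decide whether a Collabora
Online instance is exposed to the macro-driven binary execution issue by
combining the fixed-version list from the advisory with the
enable_macros_execution switch from coolwsd.xml.
"""
import xml.etree.ElementTree as ET

# Fixed versions from the advisory, keyed by release branch (major number).
FIXED_VERSIONS = {
    24: "24.04.12.4",
    23: "23.05.19",
    22: "22.05.25",
}


def parse_version(version):
    """Turn '24.04.12' into a comparable tuple of ints, padded to 4 places."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable_version(version):
    """True if the version is older than the fix for its branch.

    Branches not listed in the advisory (e.g. 21.x) are treated as vulnerable
    here as a conservative assumption; the advisory does not cover them.
    """
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return True
    return parsed < parse_version(fixed)


def macros_enabled(coolwsd_xml):
    """Return True if enable_macros_execution is 'true' in the given XML text.

    The element is looked up anywhere in the tree, so the exact nesting inside
    coolwsd.xml (assumed here to be config/security/...) does not matter.
    A missing element is treated as disabled, matching the advisory's
    statement that macro support must be turned on for the issue to apply.
    """
    root = ET.fromstring(coolwsd_xml)
    node = root.find(".//enable_macros_execution")
    if node is None or node.text is None:
        return False
    return node.text.strip().lower() == "true"


def assess(version, coolwsd_xml):
    """Combine both checks into one verdict string."""
    vulnerable = is_vulnerable_version(version)
    macros = macros_enabled(coolwsd_xml)
    if vulnerable and macros:
        return "exposed: update and set enable_macros_execution to false"
    if vulnerable:
        return "unpatched but macros disabled: update when possible"
    if macros:
        return "patched, macros enabled: review whether macros are needed"
    return "patched, macros disabled"


# Constructed coolwsd.xml fragment for demonstration; the layout is assumed.
SAMPLE_CONFIG = """<config>
  <security>
    <enable_macros_execution type="bool" default="false">true</enable_macros_execution>
  </security>
</config>"""

if __name__ == "__main__":
    # Example run against a version one patch level below the 24.04 fix.
    print(assess("24.04.12.3", SAMPLE_CONFIG))
```

Run it on a host by reading the real coolwsd.xml into `assess()` together with the version string reported by the installed package; the verdict separates the immediate mitigation (disable macros) from the lasting fix (update to the patched release for your branch).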

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 0.6
exploitability: 5.2
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.