Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mbadanoiu/cve-2019-9849
CVE-2019-9849: Remote bullet graphics retrieved in “stealth mode” in LibreOffice
https://github.com/mbadanoiu/cve-2019-9849
0-day bypass cve cve-2019-9849 cves server-side-request-forgery
Last synced: 2 days ago
JSON representation
CVE-2019-9849: Remote bullet graphics retrieved in “stealth mode” in LibreOffice
- Host: GitHub
- URL: https://github.com/mbadanoiu/cve-2019-9849
- Owner: mbadanoiu
- Created: 2024-06-24T16:49:40.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-06-24T16:59:56.000Z (5 months ago)
- Last Synced: 2024-06-24T19:57:00.134Z (5 months ago)
- Topics: 0-day, bypass, cve, cve-2019-9849, cves, server-side-request-forgery
- Homepage:
- Size: 3.5 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CVE-2019-9849: Remote bullet graphics retrieved in “stealth mode” in LibreOffice
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources.
This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document.
A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5.
HTML Tag
HTML Attribute
Triggers When Opened
Triggers On Save/Export
ol
src
No
Yes
ul
src
No
Yes
### Vendor Disclosure:
The vendor's disclosure for this vulnerability can be found [here](https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/).
### Proof Of Concept:
More details and the exploitation process (plus other HTML tag-attribute combination that result in SSRF) can be found in this [PDF](https://github.com/mbadanoiu/CVE-2019-9849/blob/main/LibreOffice%20-%20CVE-2019-9849.pdf).