
CVE-2023-49788 Improper handling of browser-side provided input in richdocuments path handling

High
caolanm published GHSA-3r69-xvf7-v94j Dec 8, 2023

Package

richdocumentscode (richdocumentscode)

Affected versions

< 23.5.602

Patched versions

23.5.602

Description

Impact

Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands that overwrite files outside the subdirectory the server has provided for the transient session.
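The advisory does not publish the affected code or the fix. The following is an added, generic illustration of the class of check that keeps a client-supplied file name inside a per-session directory when no chroot backs it up; it is not Collabora's code, and the function names, directory layout and sample inputs are assumptions constructed for the example.

```python
import os
import tempfile


class PathEscapeError(ValueError):
    """Raised when a client-supplied name resolves outside the session directory."""


def resolve_in_session(session_dir: str, client_name: str) -> str:
    """Return the absolute path for client_name, guaranteed to lie inside session_dir."""
    if not client_name or "\x00" in client_name:
        raise PathEscapeError("empty name or embedded NUL")
    base = os.path.realpath(session_dir)
    # realpath collapses ".." and follows symlinks; an absolute client_name
    # replaces base in os.path.join, which the containment test below catches.
    candidate = os.path.realpath(os.path.join(base, client_name))
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        raise PathEscapeError(f"{client_name!r} escapes the session directory")
    return candidate


def write_session_file(session_dir: str, client_name: str, data: bytes) -> str:
    """Write data only after the target path has been validated."""
    target = resolve_in_session(session_dir, client_name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_NOFOLLOW refuses a final component swapped for a symlink after validation.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Run constructed client inputs against a throwaway session directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        session = os.path.join(root, "session-1")  # constructed layout
        os.mkdir(session)
        os.symlink(root, os.path.join(session, "link"))  # symlink pointing outside
        for name in ["doc.odt", "sub/doc.odt", "../outside.txt",
                     os.path.join(root, "abs.txt"), "link/outside.txt", ""]:
            try:
                write_session_file(session, name, b"x")
                results[name] = "written"
            except PathEscapeError:
                results[name] = "rejected"
        results["outside_files"] = sorted(f for f in os.listdir(root) if f != "session-1")
    return results
```

A check like this is defence in depth at the application layer; the standalone server's chroot sandboxing mentioned above limits the damage when such a check is missing or wrong.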

Patches

The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602.

Workarounds

None, except removing the Collabora Online - Built-in CODE Server (richdocumentscode) app or using a standalone dedicated Collabora Online server.

Credits

Thanks to Reginaldo Silva of ubercomp.com for discovering this flaw.

Severity

High

CVE ID

CVE-2023-49788