Comment 4 for bug 1930471
Revision history for this message
| Kristina Hoeppner (kris-hoeppner) wrote | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
e3ace39
(Get the code!)
For the security forum post:
Vulnerability type: Other (CSV Injection)
Attack type: Local
Impact: Code execution
Affected components: Exported CSV files with personal data that are imported into a spreadsheet software
Attack vectors: If a person saves data (like their username) beginning with certain characters, e.g. = or + etc. then the data when added into a spreadsheet program will be interpreted as a command. This allows one to create a malicious string so that they can exploit spreadsheet vulnerabilities. Mahara itself is not vulnerable, but it can be the vector of transmission.
Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command and execute a malicious string locally on a device.
Reported by: Saksham Anand (Catalyst IT)
Bug report: https:/
CVE reference: CVE-2021-40848