CVE-2020-12801 vulnerability in LibreOffice and Other Products
Published on May 18, 2020

Crash-recovered MSOffice encrypted documents defaulted to not using encryption on next save

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful and the file format of the recovered document is not LibreOffice's default ODF file format, affected versions of LibreOffice default to saving the document unencrypted on subsequent saves. This may lead to a user accidentally saving an MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.
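As an added example (not from the advisory or from LibreOffice), the sketch below checks whether a saved OOXML file (.docx/.xlsx/.pptx) is actually encrypted on disk, which is what a user would want to confirm after recovering and re-saving a document. It assumes the standard OOXML layout: an encrypted file is an OLE compound file carrying `EncryptionInfo` and `EncryptedPackage` streams, a plaintext one is a ZIP containing `[Content_Types].xml`. The stream-name search is a heuristic, legacy binary formats are reported as unknown, and the sample inputs are constructed.

```python
import io
import sys
import zipfile

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file signature
# Stream names appear as UTF-16LE in the compound file directory.
ENC_STREAMS = [n.encode("utf-16-le") for n in ("EncryptionInfo", "EncryptedPackage")]


def ooxml_encryption_state(data: bytes) -> str:
    """Return 'encrypted', 'plaintext' or 'unknown' for a saved OOXML file."""
    if data.startswith(CFB_MAGIC):
        # Heuristic: look for both encryption stream names anywhere in the file.
        if all(name in data for name in ENC_STREAMS):
            return "encrypted"
        return "unknown"  # e.g. legacy binary .doc/.xls, not classified here
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if "[Content_Types].xml" in zf.namelist():
                    return "plaintext"  # readable by anyone with the file
        except zipfile.BadZipFile:
            pass
    return "unknown"


def constructed_samples() -> dict:
    """Constructed inputs: minimal stand-ins, not real Office documents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    header = CFB_MAGIC + b"\x00" * 504
    return {
        "plain.docx": buf.getvalue(),
        "encrypted.docx": header + b"".join(ENC_STREAMS),
        "legacy.doc": header,
        "notes.txt": b"not an office file",
    }


if __name__ == "__main__":
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, ooxml_encryption_state(fh.read()))
    else:
        for name, blob in constructed_samples().items():
            print(name, ooxml_encryption_state(blob))
```

Run with file paths as arguments to classify documents that are expected to be password-protected; a result of `plaintext` for such a file means it was written without encryption.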

Weakness Type

Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.


Affected Versions

The Document Foundation LibreOffice:

Exploit Probability

EPSS: 0.19%
Percentile: 40.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.