Security Advisory

CVE-2021-43445

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-23 00:00:00

Last updated 2025-04-02 16:04:58

Assigner mitre

State PUBLISHED

Description

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.

← Browse all CVEs View on cve.org ↗