Server-Side Request Forgery (SSRF) Vulnerability in ONLYOFFICE Document Editor Service

Server-Side Request Forgery (SSRF) Vulnerability in ONLYOFFICE Document Editor Service

CVE-2021-43449 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.

Learn more about our Cis Benchmark Audit For Microsoft Office.