CVE-2024-37311 Remote host TLS certificates are not fully verified

Impact

In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust

Patches

Users should upgrade to

Collabora Online 24.04.4.3 or higher;
Collabora Online 23.05.14.1 or higher;
Collabora Online 22.05.23.1 or higher;

For more information

See SSL configuration section of the Configuration guide if upgrading triggers invalid certificate warnings

https://sdk.collaboraonline.com/docs/installation/Configuration.html#ssl-configuration

If you have any questions or comments about this advisory:

Open an issue in CollaboraOnline/online

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2024-37311 Remote host TLS certificates are not fully verified

Package

Affected versions

Patched versions

Description

Impact

Patches

For more information

Severity

CVE ID

Weaknesses