CVE-2022-45175 Information

Description

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE]/c/N]/C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.

Reference

https://www.gruppotim.it/it/footer/red-team.html