HIGH🇬🇧 English

CVE-2021-25630

CVSS 7.8v3.1pub. 2021-02-23upd. 2024-11-21

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Collaboraoffice Online

    APP
    Collaboraoffice
    4.2.0 – 4.2.13 (bez)6.4.0 – 6.4.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-49782HIGH7.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-49788HIGH7.2ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone d...

CVE-2023-48314HIGH7.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-34088HIGH8.7ten sam vendor

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was...

CVE-2024-29182MEDIUM6.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vu...