HIGH🇵🇱 Wersja polska

CVE-2021-25630

CVSS 7.8v3.1pub. 2021-02-23upd. 2024-11-21

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Collaboraoffice Online

    APP
    Collaboraoffice
    4.2.0 – 4.2.13 (bez)6.4.0 – 6.4.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-49782HIGH7.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-49788HIGH7.2ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone d...

CVE-2023-48314HIGH7.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-34088HIGH8.7ten sam vendor

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was...

CVE-2024-29182MEDIUM6.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vu...