Vulnerability Description
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Collaboraoffice | Online | >= 4.2.0, < 4.2.13 |
Related Weaknesses (CWE)
References
- https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68Third Party Advisory
- https://www.openwall.com/lists/oss-security/2021/01/18/3Mailing ListThird Party Advisory
- https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68Third Party Advisory
- https://www.openwall.com/lists/oss-security/2021/01/18/3Mailing ListThird Party Advisory
FAQ
What is CVE-2021-25630?
CVE-2021-25630 is a vulnerability with a CVSS score of 7.8 (HIGH). "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refu...
How severe is CVE-2021-25630?
CVE-2021-25630 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25630?
Check the references section above for vendor advisories and patch information. Affected products include: Collaboraoffice Online.