CVE-2021-25630

Source
https://cve.org/CVERecord?id=CVE-2021-25630
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25630.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25630
Related
  • GHSA-49w3-gr3w-m68v
Published
2021-02-23T16:15:13.253Z
Modified
2026-03-13T22:14:13.904262Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else, "loolforkit" checks whether it was invoked by the "lool" user and refuses to run with privileges if that is not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

References

Affected packages

Git / github.com/CollaboraOnline/online

Affected ranges

Type
GIT
Repo
https://github.com/CollaboraOnline/online
Events
Database specific
{
    "versions": [
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.13"
        }
    ]
}

Affected versions

Other
co-4-2-0-branch-point
libreoffice-7-0-branch-point
cp-4.*
cp-4.2.11-1
cp-4.2.12-1
cp-4.2.12-2
cp-4.2.4-1
cp-4.2.4-2
cp-4.2.9-1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25630.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "6.4.0"
            },
            {
                "fixed": "6.4.3"
            }
        ]
    }
]