CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-25630

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.1%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v
https://www.openwall.com/lists/oss-security/2021/01/18/3
https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v
https://www.openwall.com/lists/oss-security/2021/01/18/3

Products affected by CVE-2021-25630

Collaboraoffice » Online » Version: Any

cpe:2.3:a:collaboraoffice:online:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-25630

Products

Pricing

Contact Us