github - ghsa-67cj-mh2q-5g8c

ghsa-67cj-mh2q-5g8c

Vulnerability from github

Published

2022-05-24 19:16

Modified

2022-07-30 00:00

Severity

7.8 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-28129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice.",
  "id": "GHSA-67cj-mh2q-5g8c",
  "modified": "2022-07-30T00:00:35Z",
  "published": "2022-05-24T19:16:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28129"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9e72234dd662280fa1a3cca6164d3470a1dbc0d8e53e48ba27f787ce@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc9090ab48b4699494b63b35cd6d7414c52d665ecae12add3cdc56c9b%40%3Cusers.openoffice.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc9090ab48b4699494b63b35cd6d7414c52d665ecae12add3cdc56c9b@%3Cusers.openoffice.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/10/07/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2021-28129

Vulnerability from cvelistv5

Published

2021-10-07 15:50

Modified

2024-08-03 21:33

Severity

Summary

DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid

References

URL	Tags
https://lists.apache.org/thread.html/rc9090ab48b4699494b63b35cd6d7414c52d665ecae12add3cdc56c9b%40%3Cusers.openoffice.apache.org%3E	x_refsource_MISC
https://lists.apache.org/thread.html/r9e72234dd662280fa1a3cca6164d3470a1dbc0d8e53e48ba27f787ce%40%3Cannounce.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc9090ab48b4699494b63b35cd6d7414c52d665ecae12add3cdc56c9b%40%3Cusers.openoffice.apache.org%3E	mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/10/07/5	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
Apache Software Foundation	Apache OpenOffice

Show details on NVD website