Re: libreoffice-online "loolforkit" privileged program local root exploit

[Matthias Gerstner <mgerstner () suse de>]

On Mon, Jan 18, 2021 at 04:07:40PM +0100, Matthias Gerstner wrote:
> Formally libreoffice-online is covered by the "Document Foundation" CNA,
> therefore I did not request a CVE for this via the Mitre CVE form. I
> will try to contact the CNA directly in this matter.

The Document Foundation assigned CVE-2021-25630 for the missing
enforcement of only allowing the "loolforkit" user to access the
sensitive features of the program.

Cheers

Matthias

Attachment: signature.asc
Description: