PT-2021-17762 · Apache · Apache Openoffice+1

Arrigo Marchiori

Published

2021-09-23

Updated

2022-07-29

CVE-2021-28129

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice version 4.1.8

Description: A developer discovered that the DEB package of Apache OpenOffice did not install using root, but instead used a userid and groupid of 500. This caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist.

Recommendations: For Apache OpenOffice version 4.1.8, upgrade to the latest version of Apache OpenOffice.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2021-28129

Affected Products

Apache Openoffice

Openoffice

PT-2021-17762 · Apache · Apache Openoffice+1

CVE-2021-28129

Weakness Enumeration

Related Identifiers

Affected Products

References · 6