CVE-2021-25631

Exploit

EPSS 1.32%
Published 03.05.2021 12:15:07
Last modified 21.11.2024 05:55:10
Source security@documentfoundation.or
Teams watchlist Login
Open Login

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Libreoffice ≫ Libreoffice Version >= 7.0.0 < 7.0.5

Libreoffice ≫ Libreoffice Version >= 7.1.0 < 7.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.32%	0.79

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

https://positive.security/blog/url-open-rce#open-libreoffice

Third Party Advisory

Exploit

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25631

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25631

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25631

EUVD