admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-256xx/CVE-2021-25631.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

147 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-25631",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2021-05-03T12:15:07.417",
"lastModified": "2024-11-21T05:55:10.970",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type."
},
{
"lang": "es",
"value": "En la serie LibreOffice 7-1 en versiones anteriores a 7.1.2, y en la serie 7-0 en versiones anteriores a 7.0.5, la denylist puede ser omitida al manipular el enlace para que no coincida con la denylist pero resulte en ShellExecute intentando iniciar un tipo ejecutable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"baseScore": 9.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "security@documentfoundation.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-184"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.5",
"matchCriteriaId": "37496EEC-C63C-46DE-92F2-A29DECF95EE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndExcluding": "7.1.2",
"matchCriteriaId": "BA884385-2527-4F68-9FD5-67ECD9A89F42"
}
]
}
]
}
],
"references": [
{
"url": "https://positive.security/blog/url-open-rce#open-libreoffice",
"source": "security@documentfoundation.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/",
"source": "security@documentfoundation.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://positive.security/blog/url-open-rce#open-libreoffice",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink