vulnerability

Apache OpenOffice: CVE-2021-28129: DEB packaging installed with a non-root userid and groupid

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Oct 7, 2021	Sep 12, 2025	Sep 12, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Oct 7, 2021

Added

Sep 12, 2025

Modified

Sep 12, 2025

Description

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice.

Solution

apache-openoffice-upgrade-latest

References

CWE-284
CVE-2021-28129
https://attackerkb.com/topics/CVE-2021-28129
URL-https://www.openoffice.org/security/cves/CVE-2021-28129.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today