Lucene search
RedhatCVELIST:CVE-2020-36772HistoryJan 22, 2024 - 2:11 p.m.
CVE-2020-36772
2024-01-2214:11:25
CWE-73
redhat
www.cve.org
2
cloudlinux
cagefs
security bypass
file restriction
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "cagefs",
"vendor": "Cloudlinux OS",
"versions": [
{
"status": "affected",
"version": "7.0.8-2"
},
{
"status": "unaffected",
"version": "7.1.1-1"
}
]
}
]References
packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html
seclists.org/fulldisclosure/2024/Jan/25
blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100
github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands
Related
nvd
nvd
CVE-2020-36772
2024-01-22 15:15:07
prion
prion
Command injection
2024-01-22 15:15:00
cve
cve
CVE-2020-36772
2024-01-22 15:15:07
packetstorm
packetstorm
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command
2024-01-26 00:00:00
zdt
zdt