Lucene search

[email protected]NVD:CVE-2020-36772

HistoryJan 22, 2024 - 3:15 p.m.

CVE-2020-36772

2024-01-2215:15:07

CWE-610

CWE-73

[email protected]

web.nvd.nist.gov

cloudlinux

cagefs

file paths

sendmail proxy

local users

arbitrary files

file formats

security vulnerability

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

5.1%

JSON

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

Affected configurations

Nvd

Node

cloudlinuxcagefsRange<7.1.1-1

VendorProductVersionCPE
cloudlinuxcagefs*cpe:2.3:a:cloudlinux:cagefs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudlinux	cagefs	*	cpe:2.3:a:cloudlinux:cagefs::::::::

References

packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html

seclists.org/fulldisclosure/2024/Jan/25

blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100

github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2020-36772

cvelist1 prion1 cve1 packetstorm1 zdt1