53 matches found
Cloudflare cloudflared Link Following Vulnerability
Cloudflare cloudflared is a cloud server security management platform from American company Cloudflare. The platform provides firewall analysis, cache control, role-based access, and more. A security vulnerability exists in Cloudflare cloudflared Windows 32-bit version 2023.3.0 and earlier, which...
PT-2023-16886 · Cloudflare · Cloudflared
Name of the Vulnerable Software and Affected Versions: cloudflared versions <= 2023.3.0 Description: A vulnerability has been discovered in cloudflared's installer for Windows 32-bit devices that allows a local attacker with no administrative permissions to escalate their privileges on the affect...
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind...
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin,...
Privilege Escalation
github.com/cloudflare/cloudflared is vulnerable to privilege escalation. The way cloudflared reads its configuration file from C:\etc as default directory allows setting of an attacker-controlled log file location via malformed config.yaml file to escalate privileges and execute system-level...
GHSA-HGWP-4VP4-QMM2 Local Privilege Escalation in cloudflared
In cloudflared versions < 2020.8.1 (corresponding to 0.0.0-20200820025921-9323844ea773 on pkg.go.dev) on Windows, if an administrator has started cloudflared and set it to read configuration files from a certain directory, an unprivileged user can exploit a misconfiguration in order to escalate...
Local Privilege Escalation in cloudflared
In cloudflared versions < 2020.8.1 (corresponding to 0.0.0-20200820025921-9323844ea773 on pkg.go.dev) on Windows, if an administrator has started cloudflared and set it to read configuration files from a certain directory, an unprivileged user can exploit a misconfiguration in order to escalate...
CVE-2020-24356
cloudflared versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, cloudflared searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes thi...
Privilege escalation
cloudflared versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, cloudflared searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes thi...
CVE-2020-24356
Cloudflared on Windows prior to 2020.8.1 is affected by a local privilege escalation. The vulnerability arises from how cloudflared searches for and reads configuration files; a misconfiguration in a malformed config.yaml can cause the program to write logs or execute commands via a user-controll...
CVE-2020-24356 Local Privilege Escalation in cloudflared
cloudflared versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, cloudflared searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes thi...
PT-2020-15704 · Cloudflare · Cloudflared
Name of the Vulnerable Software and Affected Versions: cloudflared versions prior to 2020.8.1 Description: The issue allows for local privilege escalation on Windows systems due to the way cloudflared searches for and reads configuration files. This could be exploited by a malicious entity to...