CVE-2020-36772

Sažetak

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

Reference

http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html
http://seclists.org/fulldisclosure/2024/Jan/25
https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands
http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html
http://seclists.org/fulldisclosure/2024/Jan/25
https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands

CVSS

Base:	4.4
Impact:	2.5
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

30-05-2025 - 15:15

Objavljeno

22-01-2024 - 15:15