CVE-2020-36772

Опубликовано: 22 янв. 2024

Источник: nvd

CVSS3: 4.4

EPSS Низкий

Описание

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

Ссылки

http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2024/Jan/25
Exploit
Mailing List
Third Party Advisory
https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100
Release Notes
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands
http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2024/Jan/25
Exploit
Mailing List
Third Party Advisory
https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100
Release Notes
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudlinux:cagefs:*:*:*:*:*:*:*:*

Версия до 7.1.1-1 (исключая)

EPSS

Процентиль: 6%

0.00024

Низкий

4.4 Medium

CVSS3

Дефекты

CWE-73

CWE-610

Связанные уязвимости

GHSA-xcjc-c88c-v52w