CVE-2020-24356

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudflare:cloudflared:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-02 15:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-24356

Mitre link : CVE-2020-24356

CVE.ORG link : CVE-2020-24356


JSON object : View

Products Affected

cloudflare

  • cloudflared
CWE
CWE-427

Uncontrolled Search Path Element