CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2024/Jan/25 | Exploit Mailing List Third Party Advisory |
https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100 | Release Notes |
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands |
Configurations
History
28 Mar 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. | |
References |
|
29 Jan 2024, 17:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cloudlinux
Cloudlinux cagefs |
|
CPE | cpe:2.3:a:cloudlinux:cagefs:*:*:*:*:*:*:*:* | |
References | () http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2024/Jan/25 - Exploit, Mailing List, Third Party Advisory | |
References | () https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.4 |
CWE | CWE-610 |
26 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
22 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-22 15:15
Updated : 2024-03-28 19:15
NVD link : CVE-2020-36772
Mitre link : CVE-2020-36772
CVE.ORG link : CVE-2020-36772
JSON object : View
Products Affected
cloudlinux
- cagefs