CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176790/CloudLinux-CageFS-7.1.1-1-Token-Disclosure.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Jan/24	Exploit Mailing List Third Party Advisory
https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100	Release Notes
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01_CloudLinux_CageFS_Token_Disclosure

Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudlinux:cagefs:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-22 14:15

Updated : 2024-03-28 19:15

NVD link : CVE-2020-36771

Mitre link : CVE-2020-36771

CVE.ORG link : CVE-2020-36771

JSON object : View

Products Affected

cloudlinux

cagefs

CWE

NVD-CWE-noinfo CWE-214

Invocation of Process Using Visible Sensitive Information

{"id": "CVE-2020-36771", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-01-22T14:15:07.530", "references": [{"url": "http://packetstormsecurity.com/files/176790/CloudLinux-CageFS-7.1.1-1-Token-Disclosure.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/24", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100", "tags": ["Release Notes"], "source": "secalert@redhat.com"}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01_CloudLinux_CageFS_Token_Disclosure", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-214"}]}], "descriptions": [{"lang": "en", "value": "CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user."}, {"lang": "es", "value": "CloudLinux CageFS 7.1.1-1 o inferior pasa el token de autenticaci\u00f3n como argumento de l\u00ednea de comando. En algunas configuraciones, esto permite a los usuarios locales verlo a trav\u00e9s de la lista de procesos y obtener la ejecuci\u00f3n del c\u00f3digo como otro usuario."}], "lastModified": "2024-03-28T19:15:46.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudlinux:cagefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A970581-1C5F-4406-BC05-10D09852BC5B", "versionEndExcluding": "7.1.2-2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}