CVE-2020-36772
4.4
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.8 / Impact: 2.5
Source: NVD
Description
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
Affected (1)
Products: Cloudlinux: Cagefs
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.1.1-1 |
Related CWEs
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CWE-73
External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
References (8)
Source: secalert@redhat.com
ExploitThird Party AdvisoryVDB Entry
Source: secalert@redhat.com
ExploitMailing ListThird Party Advisory
Source: secalert@redhat.com
Release Notes
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.