CVE-2020-28169 — HIGH (7.0)

Q: How severe is CVE-2020-28169?

CVE-2020-28169 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-28169?

Check the references section above for vendor advisories and patch information. Affected products include: Td-Agent-Builder Project Td-Agent-Builder, Microsoft Windows, Debian Debian Linux.

Vulnerability Description

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Td-Agent-Builder Project	Td-Agent-Builder	< 2020-12-18
Microsoft	Windows	-
Debian	Debian Linux	10.0

Related Weaknesses (CWE)

CWE-732

References

http://packetstormsecurity.com/files/160791/Fluentd-TD-agent-4.0.1-Insecure-FoldExploitThird Party AdvisoryVDB Entry
https://docs.fluentd.org/installation/install-by-msiProductVendor Advisory
https://github.com/fluent-plugins-nursery/td-agent-builder/pull/247/commits/6f9cPatchThird Party Advisory
https://github.com/fluent/fluentd/issues/3201ExploitIssue TrackingThird Party Advisory
https://github.com/kenhys/td-agent-builder/commit/eec6e2dedf12f2e0c01c2bbe7b8c15PatchThird Party Advisory
https://td-agent-package-browser.herokuapp.com/4/windowsThird Party Advisory
https://www.debian.org/security/2021/dsa-4949Third Party Advisory
https://www.fluentd.org/Vendor Advisory
http://packetstormsecurity.com/files/160791/Fluentd-TD-agent-4.0.1-Insecure-FoldExploitThird Party AdvisoryVDB Entry
https://docs.fluentd.org/installation/install-by-msiProductVendor Advisory
https://github.com/fluent-plugins-nursery/td-agent-builder/pull/247/commits/6f9cPatchThird Party Advisory
https://github.com/fluent/fluentd/issues/3201ExploitIssue TrackingThird Party Advisory
https://github.com/kenhys/td-agent-builder/commit/eec6e2dedf12f2e0c01c2bbe7b8c15PatchThird Party Advisory
https://td-agent-package-browser.herokuapp.com/4/windowsThird Party Advisory
https://www.debian.org/security/2021/dsa-4949Third Party Advisory

FAQ

What is CVE-2020-28169?

CVE-2020-28169 is a vulnerability with a CVSS score of 7.0 (HIGH). The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYS...

How severe is CVE-2020-28169?

CVE-2020-28169 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28169?

Check the references section above for vendor advisories and patch information. Affected products include: Td-Agent-Builder Project Td-Agent-Builder, Microsoft Windows, Debian Debian Linux.