Vulnerability Description
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudlinux | Cagefs | < 7.1.1-1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-InsufficieExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2024/Jan/25ExploitMailing ListThird Party Advisory
- https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllRelease Notes
- https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_C
- http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-InsufficieExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2024/Jan/25ExploitMailing ListThird Party Advisory
- https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllRelease Notes
- https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_C
FAQ
What is CVE-2020-36772?
CVE-2020-36772 is a vulnerability with a CVSS score of 4.4 (MEDIUM). CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside...
How severe is CVE-2020-36772?
CVE-2020-36772 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36772?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudlinux Cagefs.