CVE-2020-36771

low-risk
Published 2024-01-22

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Cagefs

Affected Vendors

Cloudlinux

References (8)

Exploit http://packetstormsecurity.com/files/176790/CloudLinux-CageFS-7.1.1-1-Token-Disc...
Exploit http://seclists.org/fulldisclosure/2024/Jan/24
Release Notes https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-t...
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01_C...
Exploit http://packetstormsecurity.com/files/176790/CloudLinux-CageFS-7.1.1-1-Token-Disc...
Exploit http://seclists.org/fulldisclosure/2024/Jan/24
Release Notes https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-t...
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01_C...
29
/ 100
low-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal