CVE-2020-36772

low-risk
Published 2024-01-22

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.4/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Cagefs

Affected Vendors

Cloudlinux

References (8)

Exploit http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficie...
Exploit http://seclists.org/fulldisclosure/2024/Jan/25
Release Notes https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cll...
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_C...
Exploit http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficie...
Exploit http://seclists.org/fulldisclosure/2024/Jan/25
Release Notes https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cll...
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_C...
20
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal