Vulnerabilities > CVE-2020-36771 - Unspecified vulnerability in Cloudlinux Cagefs 7.1.11

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cloudlinux

NVD

Published: 2024-01-22

Updated: 2024-03-28

Summary

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

Vulnerable Configurations

Part	Description	Count
Application	Cloudlinux Cloudlinux Cagefs - Cloudlinux Cagefs 7.1.1-1	2

References

https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100
http://seclists.org/fulldisclosure/2024/Jan/24
http://packetstormsecurity.com/files/176790/CloudLinux-CageFS-7.1.1-1-Token-Disclosure.html
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01_CloudLinux_CageFS_Token_Disclosure