CVE-2020-21514 : An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated

An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.

Published 2023-04-04 15:15:08

Updated 2025-06-09 14:15:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2020-21514

Fluentd » Fluentd » Version: 1.8.0
cpe:2.3:a:fluentd:fluentd:1.8.0:-:*:*:*:*:*:*
Matching versions
Fluentd » Fluentd-ui » Version: 1.2.2
cpe:2.3:a:fluentd:fluentd-ui:1.2.2:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-13
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://github.com/fluent/fluentd/issues/2722

There is a remote command execution vulnerability on version 0.12-1.0 · Issue #295 · fluent/fluentd-ui · GitHub
Exploit;Issue Tracking
https://github.com/fluent/fluentd-ui/issues/295

Jump to