CVE-2020-36772 : CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

Published 2024-01-22 15:15:08

Updated 2024-03-28 19:15:47

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2020-36772

Cloudlinux » Cagefs
Versions before (<) 7.1.1-1
cpe:2.3:a:cloudlinux:cagefs:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-36772

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-36772

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	1.8	2.5	NIST	2024-01-29
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2020-36772

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Assigned by: secalert@redhat.com (Secondary)
CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-36772

https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100

LVE Manager, LVE-Stats, LVE-Utils and Alt-Python27-Cllib have been rolled out to 100%
Release Notes
http://seclists.org/fulldisclosure/2024/Jan/25

Full Disclosure: [SBA-ADV-20200707-02] CVE-2020-36772: CloudLinux CageFS 7.0.8-2 or below Insufficiently Restricted Proxy Command
Exploit;Mailing List;Third Party Advisory
http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands

advisories/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands at public · sbaresearch/advisories · GitHub

Jump to

Vulnerability Details : CVE-2020-36772

Products affected by CVE-2020-36772

Exploit prediction scoring system (EPSS) score for CVE-2020-36772

CVSS scores for CVE-2020-36772

CWE ids for CVE-2020-36772

References for CVE-2020-36772