HIGH🇬🇧 English

CVE-2020-36771

CVSS 7.8v3.1pub. 2024-01-22upd. 2025-06-20

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cloudlinux Cagefs

    APP
    Cloudlinux
    < 7.1.2-2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2020-36772MEDIUM4.4ten sam produkt

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command....

CVE-2025-65530HIGH8.8ten sam vendor

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attacker...

CVE-2021-21956HIGH7.8ten sam vendor

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A sp...