CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NCloudlinux Cagefs
APPCloudlinux< 7.1.1-1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2020-36771HIGH7.8ten sam produkt
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configu...
CVE-2025-65530HIGH8.8ten sam vendor
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attacker...
CVE-2021-21956HIGH7.8ten sam vendor
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A sp...