CVE-2020-28169

Exploit

EPSS 1.62%
Published 24.12.2020 15:15:12
Last modified 21.11.2024 05:22:25
Source cve@mitre.org
CVE-Watchlists
Login
Open
Login

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Td-agent-builder Project ≫ Td-agent-builder SwPlatformfluentd Version < 2020-12-18

Microsoft ≫ Windows Version-

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.62%	0.81

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.debian.org/security/2021/dsa-4949

Third Party Advisory

http://packetstormsecurity.com/files/160791/Fluentd-TD-agent-4.0.1-Insecure-Folder-Permission.html

Third Party Advisory

Exploit

VDB Entry

https://docs.fluentd.org/installation/install-by-msi

Vendor Advisory

Product

https://github.com/fluent-plugins-nursery/td-agent-builder/pull/247/commits/6f9cb6393392d62caa99907c0ebbcbab6b94a3f1

Patch

Third Party Advisory

https://github.com/fluent/fluentd/issues/3201

Third Party Advisory

Exploit

Issue Tracking

https://github.com/kenhys/td-agent-builder/commit/eec6e2dedf12f2e0c01c2bbe7b8c15b639b3b938

Patch

Third Party Advisory

https://td-agent-package-browser.herokuapp.com/4/windows

Third Party Advisory

https://www.fluentd.org/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-28169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28169

EUVD