CVE-2020-36772

Summary

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

Affected Software

VendorProductVersion RangeStatus
Cloudlinux OScagefs7.0.8-2affected
Cloudlinux OScagefs7.1.1-1unaffected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References