2024-01-22 14:00:35 +00:00
{
"data_version" : "4.0" ,
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2020-36771" ,
"ASSIGNER" : "secalert@redhat.com" ,
"STATE" : "PUBLIC"
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "CloudLinux\n CageFS 7.1.1-1 or below passes the authentication token as command line\n argument. In some configurations this allows local users to view it via\n the process list and gain code execution as another user.\n\n\n"
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-214 Invocation of Process Using Visible Sensitive Information" ,
"cweId" : "CWE-214"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Cloudlinux OS" ,
"product" : {
"product_data" : [
{
"product_name" : "cagefs" ,
"version" : {
"version_data" : [
{
"version_value" : "not down converted" ,
"x_cve_json_5_version_data" : {
"versions" : [
{
"status" : "affected" ,
"version" : "7.1.1-1"
} ,
{
"status" : "unaffected" ,
"version" : "7.1.2-2"
}
] ,
"defaultStatus" : "unknown"
}
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100" ,
"refsource" : "MISC" ,
"name" : "https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100"
2024-01-26 17:00:34 +00:00
} ,
{
"url" : "http://seclists.org/fulldisclosure/2024/Jan/24" ,
"refsource" : "MISC" ,
"name" : "http://seclists.org/fulldisclosure/2024/Jan/24"
2024-01-26 18:00:35 +00:00
} ,
{
"url" : "http://packetstormsecurity.com/files/176790/CloudLinux-CageFS-7.1.1-1-Token-Disclosure.html" ,
"refsource" : "MISC" ,
"name" : "http://packetstormsecurity.com/files/176790/CloudLinux-CageFS-7.1.1-1-Token-Disclosure.html"
2024-01-22 14:00:35 +00:00
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.1.0-dev"
} ,
"source" : {
"discovery" : "EXTERNAL"
} ,
"credits" : [
{
"lang" : "en" ,
"value" : "David Lisa Gnedt (SBA Research)"
}
]
}
