SBA Security Advisory – CloudLinux CageFS – Token Disclosure (CVE-2020-36771)

Vulnerability Overview

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

  • Type of Vulnerability: Invocation of Process Using Visible Sensitive Information
  • Fixed in Version: 7.1.2-2
  • CVE ID: CVE-2020-36771
  • CVSSv3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVSSv3.1 Base Score: 7.8 (High)

Recommended Countermeasure

We recommend updating CloudLinux CageFS to version 7.1.2-2 or later. For further details, see the full security advisory.

Links

Full Security Advisory

Credits