Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-28169 — Incorrect Permission Assignment in Project Td-agent-builder

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.0HIGHNVD

EPSS

1.6%

top 18.11%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Td-agent-builder Project Td-agent-builder Debian Linux

Timeline

PublishedDec 24

Latest updateMay 24

Description

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

▶NVDtd-agent-builder_project/td-agent-builder< 2020-12-18

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qh64-cxhv-8756: The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account,↗2022-05-24

▶

💥Exploits & PoCs

Exploit-DB

Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission↗2021-01-05

▶