Uncontrolled Search Path Element

CVE-2020-24356

High

7.8/10

Summary

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-427 - Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

Advisory
Advisory

Advisory Timeline

Published Oct 02, 2020

Uncontrolled Search Path Element

CVE-2020-24356

Summary

CWE-427 - Uncontrolled Search Path Element

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS