Privilege escalation in Fluentd td-agent-builder plugin
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-28169 |
| CWE-ID | CWE-732 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
td-agent-builder Universal components / Libraries / Programming Languages & Components |
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Incorrect permission assignment for critical resource
EUVDB-ID: #VU55644
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28169
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect permissions assignment for the bin directory in the td-agent-builder plugin for Fluentd. A local user overwrite arbitrary files in the bin directory, which are later executed with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionstd-agent-builder: before 2020-12-18
External linkshttp://github.com/kenhys/td-agent-builder/commit/eec6e2dedf12f2e0c01c2bbe7b8c15b639b3b938
http://www.fluentd.org/
http://td-agent-package-browser.herokuapp.com/4/windows
http://docs.fluentd.org/installation/install-by-msi
http://github.com/fluent/fluentd/issues/3201
http://github.com/fluent-plugins-nursery/td-agent-builder/pull/247/commits/6f9cb6393392d62caa99907c0ebbcbab6b94a3f1
http://packetstormsecurity.com/files/160791/Fluentd-TD-agent-4.0.1-Insecure-Folder-Permission.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
