CVE-2020-28169
Summary
| CVE | CVE-2020-28169 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-12-24 15:15:00 UTC |
|---|
| Updated | 2022-04-05 16:04:00 UTC |
|---|
| Description | The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Possible Vulnerability · Issue #3201 · fluent/fluentd · GitHub |
CONFIRM |
github.com |
Exploit, Third Party Advisory |
| Fluentd TD-agent 4.0.1 Insecure Folder Permission ≈ Packet Storm |
MISC |
packetstormsecurity.com |
|
| Index of packages.treasuredata.com/4/windows |
MISC |
td-agent-package-browser.herokuapp.com |
Third Party Advisory |
| Debian -- Security Information -- DSA-4949-1 jetty9 |
DEBIAN |
www.debian.org |
|
| Fluentd | Open Source Data Collector | Unified Logging Layer |
MISC |
www.fluentd.org |
Vendor Advisory |
| Install by .msi Installer (Windows) - Fluentd |
MISC |
docs.fluentd.org |
Product, Vendor Advisory |
| windows: mitigate possible escalation of privileges by kenhys · Pull Request #247 · fluent-plugins-nursery/td-agent-builder · GitHub |
CONFIRM |
github.com |
|
| windows: mitigate possible escalation of privileges · kenhys/td-agent-builder@eec6e2d · GitHub |
CONFIRM |
github.com |
Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178738 Debian Security Update for jetty9 (DSA 4949-1)
