CVE-2020-28169 – Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission

https://notcve.org/view.php?id=CVE-2020-28169

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. El plugin td-agent-builder antes del 18-12-2020 para Fluentd permite a atacantes alcanzar privilegios porque el directorio bin es escribible por una cuenta de usuario, pero un archivo en bin es ejecutado como NT AUTHORITY\SYSTEM Fluentd TD-agent plugin version 4.0.1 suffers from an insecure folder permission vulnerability. • https://www.exploit-db.com/exploits/49363 https://github.com/zubrahzz/FluentD-TD-agent-Exploit-CVE-2020-28169 http://packetstormsecurity.com/files/160791/Fluentd-TD-agent-4.0.1-Insecure-Folder-Permission.html https://docs.fluentd.org/installation/install-by-msi https://github.com/fluent-plugins-nursery/td-agent-builder/pull/247/commits/6f9cb6393392d62caa99907c0ebbcbab6b94a3f1 https://github.com/fluent/fluentd/issues/3201 https://github.com/kenhys/td-agent-builder/commit/eec6e2dedf12f2e0c01c2bbe7b8c15b639b3b938 https:& • CWE-732: Incorrect Permission Assignment for Critical Resource •