CVE-2020-28169

Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission

Severity Score

7.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.

El plugin td-agent-builder antes del 18-12-2020 para Fluentd permite a atacantes alcanzar privilegios porque el directorio bin es escribible por una cuenta de usuario, pero un archivo en bin es ejecutado como NT AUTHORITY\SYSTEM

Fluentd TD-agent plugin version 4.0.1 suffers from an insecure folder permission vulnerability.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-11-02 CVE Reserved
2020-12-24 CVE Published
2020-12-24 First Exploit
2023-10-20 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-732: Incorrect Permission Assignment for Critical Resource

CAPEC

References (10)

URL	Tag	Source
https://td-agent-package-browser.herokuapp.com/4/windows	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/49363	2021-01-05
https://github.com/zubrahzz/FluentD-TD-agent-Exploit-CVE-2020-28169	2020-12-24
http://packetstormsecurity.com/files/160791/Fluentd-TD-agent-4.0.1-Insecure-Folder-Permission.html	2024-08-04
https://github.com/fluent/fluentd/issues/3201	2024-08-04

URL	Date	SRC
https://github.com/fluent-plugins-nursery/td-agent-builder/pull/247/commits/6f9cb6393392d62caa99907c0ebbcbab6b94a3f1	2022-04-05
https://github.com/kenhys/td-agent-builder/commit/eec6e2dedf12f2e0c01c2bbe7b8c15b639b3b938	2022-04-05

URL	Date	SRC
https://docs.fluentd.org/installation/install-by-msi	2022-04-05
https://www.debian.org/security/2021/dsa-4949	2022-04-05
https://www.fluentd.org	2022-04-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Td-agent-builder Project Search vendor "Td-agent-builder Project"	Td-agent-builder Search vendor "Td-agent-builder Project" for product "Td-agent-builder"	< 2020-12-18 Search vendor "Td-agent-builder Project" for product "Td-agent-builder" and version " < 2020-12-18"	fluentd	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected