CVE-2020-10588

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.
Configurations

Configuration 1 (hide)

cpe:2.3:a:v2rayl_project:v2rayl:2.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp1-sh - Exploit, Third Party Advisory () https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp1-sh - Exploit, Third Party Advisory

Information

Published : 2020-03-15 21:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10588

Mitre link : CVE-2020-10588

CVE.ORG link : CVE-2020-10588


JSON object : View

Products Affected

v2rayl_project

  • v2rayl
CWE
CWE-269

Improper Privilege Management