CVE-2020-10589

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.
Configurations

Configuration 1 (hide)

cpe:2.3:a:v2rayl_project:v2rayl:2.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp2-sh - Exploit, Third Party Advisory () https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp2-sh - Exploit, Third Party Advisory

Information

Published : 2020-03-15 21:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10589

Mitre link : CVE-2020-10589

CVE.ORG link : CVE-2020-10589


JSON object : View

Products Affected

v2rayl_project

  • v2rayl
CWE
CWE-269

Improper Privilege Management