PT-2019-6330 · Fluentd · Fluentd+1

Xu-Xiang

Publicado

2019-12-10

Atualizado

2025-06-09

CVE-2020-21514

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Fluent Fluentd version 1.8.0 Fluent-ui version 1.2.2

Description The issue is related to the use of a default password in Fluent Fluentd and its browser manager fluentd-ui, allowing attackers to gain escalated privileges and execute arbitrary code. This can be exploited by a remote attacker.

Recommendations For Fluent Fluentd version 1.8.0, change the default password to a unique and strong password to prevent exploitation. For Fluent-ui version 1.2.2, update the configuration to use a custom password instead of the default one to mitigate the risk of arbitrary code execution.

Exploit

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276CWE-259

Identificadores relacionados

BDU:2023-02267

BIT-FLUENTD-2020-21514

CVE-2020-21514

GHSA-WRXF-X8RM-6GGG

Produtos afetados

Fluentd

Fluent-Ui

PT-2019-6330 · Fluentd · Fluentd+1

CVE-2020-21514

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13