Haynespl

**Name of the Vulnerable Software and Affected Versions** cloudflared versions prior to 2020.8.1 **Description** The issue allows for local privilege escalation on Windows systems due to the way `cloudflared` searches for and reads configuration files. This could be exploited by a malicious entity to execute commands as a privileged user. An unprivileged user can exploit a misconfiguration to escalate privileges and execute system-level commands by creating a malformed `config.yaml` file in a non-secure directory, such as `C:etc`, which `cloudflared` reads from. The `config.yaml` file can specify a user-controlled log file location, potentially allowing for code execution when any user logs in. **Recommendations** For versions prior to 2020.8.1, update to version 2020.8.1 or later to fix the issue. As a temporary workaround, consider restricting access to the `C:etc` directory and ensuring that only authorized users can create or modify configuration files. Additionally, restrict the ability of `cloudflared` to write to arbitrary locations on the system by configuring it to log to a secure, non-executable location.