CVE-2020-21514

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Fluent Fluentd version 1.8.0 Fluent-ui version 1.2.2

Description The issue is related to the use of a default password in Fluent Fluentd and its browser manager fluentd-ui, allowing attackers to gain escalated privileges and execute arbitrary code. This can be exploited by a remote attacker.

Recommendations For Fluent Fluentd version 1.8.0, change the default password to a unique and strong password to prevent exploitation. For Fluent-ui version 1.2.2, update the configuration to use a custom password instead of the default one to mitigate the risk of arbitrary code execution.

Exploit

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-259

Related Identifiers

BDU:2023-02267

BIT-FLUENTD-2020-21514

CVE-2020-21514

GHSA-WRXF-X8RM-6GGG

Affected Products

Fluentd

Fluent-Ui

CVE-2020-21514

Weakness Enumeration

Related Identifiers

Affected Products

References · 13