CVE-2020-10589

Name of the Vulnerable Software and Affected Versions v2rayL version 2.1.3

Description The issue allows local users to achieve root access due to the ownership of /etc/v2rayL/config.json by a low-privileged user, which contains commands executed as root after the v2rayL.service is restarted via Sudo.

Recommendations For version 2.1.3, consider changing the ownership of /etc/v2rayL/config.json to a privileged user or restricting the execution of commands as root to prevent exploitation. As a temporary workaround, avoid restarting v2rayL.service via Sudo until a proper fix is applied.