CVE-2020-24356

Name of the Vulnerable Software and Affected Versions cloudflared versions prior to 2020.8.1

Description The issue allows for local privilege escalation on Windows systems due to the way cloudflared searches for and reads configuration files. This could be exploited by a malicious entity to execute commands as a privileged user. An unprivileged user can exploit a misconfiguration to escalate privileges and execute system-level commands by creating a malformed config.yaml file in a non-secure directory, such as C:etc, which cloudflared reads from. The config.yaml file can specify a user-controlled log file location, potentially allowing for code execution when any user logs in.

Recommendations For versions prior to 2020.8.1, update to version 2020.8.1 or later to fix the issue. As a temporary workaround, consider restricting access to the C:etc directory and ensuring that only authorized users can create or modify configuration files. Additionally, restrict the ability of cloudflared to write to arbitrary locations on the system by configuring it to log to a secure, non-executable location.