Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


SBA Security Advisory – CloudLinux CageFS – Insufficiently Restricted Proxy Command (CVE-2020-36772)

Vulnerability Overview

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

  • Type of Vulnerability: External Control of File Name or Path
  • Fixed in Version: 7.1.1-1
  • CVSSv3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
  • CVSSv3.1 Base Score: 6.6 (Medium)

Recommended Countermeasure

We recommend to update CloudLinux CageFS to version 7.1.1-1 or later. For further details, see the full security advisory.


Full Security Advisory