RSS   Vulnerabilities for 'V2rayl'   RSS

2020-03-15
 
CVE-2020-10589

CWE-269
 

 
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.

 
 
CVE-2020-10588

CWE-269
 

 
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.

 


Copyright 2021, cxsecurity.com

 

Back to Top