Privilege Escalation Affecting github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel Open this link in a new tab package, versions <2020.8.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
25 May 2021
24 May 2021
How to fix?
github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel to version 2020.8.1 or higher.
github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel is an Argo Tunnel client.
Affected versions of this package are vulnerable to Privilege Escalation. On Windows, if an administrator has set
cloudflared to read configuration files from a certain directory, an unprivileged user can exploit a misconfiguration in order to escalate privileges and execute system-level commands. The misconfiguration is due to the way that
cloudflared reads its configuration file.
One of the locations that
cloudflared reads from (
C:\etc\) is not a secure by default directory due to the fact that Windows does not enforce access controls on this directory without further controls applied. A malformed
config.yaml file can be written by any user.