{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T22:34:03.142","vulnerabilities":[{"cve":{"id":"CVE-2020-24356","sourceIdentifier":"cna@cloudflare.com","published":"2020-10-02T15:15:12.483","lastModified":"2024-11-21T05:14:39.480","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue."},{"lang":"es","value":"\"cloudflared\" versiones anteriores a 2020.8.1, contiene una vulnerabilidad de escalada de privilegios local en los sistemas Windows. Cuando se ejecuta en un sistema Windows, \"cloudflared\" busca archivos de configuración que podrían ser abusados ??por una entidad maliciosa para ejecutar comandos como un usuario privilegiado. La versión 2020.8.1 corrige este problema"}],"metrics":{"cvssMetricV31":[{"source":"cna@cloudflare.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudflare:cloudflared:*:*:*:*:*:*:*:*","versionEndExcluding":"2020.8.1","matchCriteriaId":"2FBA4059-5A07-40A9-A872-A0EA31E346ED"}]}]}],"references":[{"url":"https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2","source":"cna@cloudflare.com","tags":["Third Party Advisory"]},{"url":"https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}