CVE-2020-21514 (fluentd-ui): Fluent Fluentd and Fluent-ui use default password

Fluent Fluentd and Fluent-ui use default password

Published: April 04, 2023

SECURITY IDENTIFIERS

CVE: CVE-2020-21514 (NVD)
GHSA: GHSA-wrxf-x8rm-6ggg

GEM

fluentd-ui

SEVERITY

CVSS v3.x: 8.8 (High)

PATCHED VERSIONS

None available.

DESCRIPTION

An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password.

https://nvd.nist.gov/vuln/detail/CVE-2020-21514
https://github.com/fluent/fluentd-ui/issues/295
https://github.com/advisories/GHSA-wrxf-x8rm-6ggg

RubySec