{"id":"CVE-2020-24356","details":"`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue.","aliases":["GHSA-hgwp-4vp4-qmm2","GO-2022-0845"],"modified":"2026-04-11T20:43:04.997388Z","published":"2020-10-02T15:15:12.483Z","related":["GHSA-hgwp-4vp4-qmm2"],"references":[{"type":"ADVISORY","url":"https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudflare/cloudflared","events":[{"introduced":"0"},{"fixed":"9323844ea773b1444460fa09295ab8c01a88d97e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2020.8.1"}],"cpe":"cpe:2.3:a:cloudflare:cloudflared:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["2018.10.0","2018.10.1","2018.10.2","2018.10.3","2018.10.5","2018.11.0","2018.12.0","2018.12.1","2018.8.0","2019.1.0","2019.10.0","2019.10.1","2019.10.2","2019.10.3","2019.10.4","2019.11.0","2019.11.2","2019.11.3","2019.12.0","2019.2.0","2019.2.1","2019.3.0","2019.3.1","2019.3.2","2019.4.0","2019.4.1","2019.5.0","2019.6.0","2019.7.0","2019.8.0","2019.8.1","2019.8.3","2019.8.4","2019.9.0","2019.9.1","2019.9.2","2020.2.0","2020.2.1","2020.3.0","2020.3.1","2020.3.2","2020.4.0","2020.5.0","2020.5.1","2020.6.0","2020.6.1","2020.6.2","2020.6.3","2020.6.4","2020.6.5","2020.6.6","2020.7.0","2020.7.1","2020.7.2","2020.7.3","2020.7.4","2020.8.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24356.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}