CVE-2020-28169

HIGH

td-agent-builder < 2020-12-18 - Privilege Escalation via Writable bin Directory

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-28169. PoCs published by Adrian Bondocea, zubrahzz.

AI-analyzed exploit summary This exploit describes an insecure folder permission vulnerability in Fluentd TD-agent plugin before 4.0.1, where the bin directory is writable by authenticated users but executed as NT AUTHORITY\SYSTEM. The writeup provides details on the vulnerable path and service but does not include executable exploit code.

Description

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.

Exploits (2)

exploitdb WRITEUP
by Adrian Bondocea · textlocalwindows
https://www.exploit-db.com/exploits/49363

This exploit describes an insecure folder permission vulnerability in Fluentd TD-agent plugin before 4.0.1, where the bin directory is writable by authenticated users but executed as NT AUTHORITY\SYSTEM. The writeup provides details on the vulnerable path and service but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Fluentd TD-agent plugin <4.0.1
Auth required
Prerequisites: Authenticated user access on Windows · Fluentd TD-agent plugin <4.0.1 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by zubrahzz · poc
https://github.com/zubrahzz/FluentD-TD-agent-Exploit-CVE-2020-28169

This repository contains a README describing CVE-2020-28169, an insecure folder permission vulnerability in FluentD TD-agent for Windows leading to privilege escalation. No exploit code is provided, only a download URL for the vulnerable software.

Classification
Writeup 30%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: FluentD TD-agent <4.0.1
No auth needed
Prerequisites: Access to the vulnerable system · Ability to modify folder permissions
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Product, Vendor Advisory x_refsource_misc
https://docs.fluentd.org/installation/install-by-msi
Third Party Advisory x_refsource_misc
https://td-agent-package-browser.herokuapp.com/4/windows
Vendor Advisory x_refsource_misc
https://www.fluentd.org/
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/fluent/fluentd/issues/3201
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4949

Scores

CVSS v3 7.0
EPSS 0.0117
EPSS Percentile 63.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (2)
debian/debian_linux 10.0
td-agent-builder_project/td-agent-builder < 2020-12-18
Published Dec 24, 2020
Tracked Since Feb 18, 2026