8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-21514

GHSA ID

GHSA-wrxf-x8rm-6ggg

EPSS Score

0.26215%

CWE

CWE-276

Published

4/4/2023

Updated

2/13/2025

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-21514

CVE-2020-21514: Fluent Fluentd and Fluent-ui use default password

An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-21514

CVE-2020-21514:

8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-21514

GHSA ID

GHSA-wrxf-x8rm-6ggg

EPSS Score

0.26215%

CWE

CWE-276

Published

4/4/2023

Updated

2/13/2025

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
fluentd	rubygems	<= 1.8.0
fluentd-ui	rubygems	<= 1.2.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the use of a default password ('admin'/'changeme') in Fluentd-ui, which is not enforced to be changed post-deployment. While the advisory doesn't explicitly name specific functions, the presence of this flaw implies that the user initialization or authentication setup code in Fluentd-ui is responsible for creating/administering the default credentials. Attackers leverage this to gain access and exploit functionalities like the in_exec plugin (enabled by default in Fluentd) for code execution. The CWE-276 (Incorrect Default Permissions) further supports this analysis, as the system ships with insecure default authentication settings.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-21514: Fluent Fluentd and Fluent-ui use default password

CVE-2020-21514:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

8.8

8.8

CVE-2020-21514: Fluent Fluentd and Fluent-ui use default password

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI