CVE-2020-13452

9.8 CRITICAL

📋 TL;DR

CVE-2020-13452 is an insecure permissions vulnerability in Gotenberg where the tini process manager file is writable by the gotenberg user, allowing attackers to overwrite it. This can lead to denial of service or remote code execution. Affects Gotenberg deployments through version 6.2.1.

💻 Affected Systems

Products:
  • Gotenberg
Versions: through 6.2.1
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Docker container deployments where the gotenberg user has write access to the tini binary.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via arbitrary code execution as the gotenberg user, potentially leading to privilege escalation and complete control of the host system.

🟠 Likely Case

Denial of service by overwriting tini to crash the service, or limited code execution within the gotenberg user context to access sensitive documents and system resources.

🟢 If Mitigated

Minimal impact if proper file permissions and container isolation are implemented, limiting the attack surface to service disruption only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires initial access to execute commands as the gotenberg user, but the file overwrite itself is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.3.0 and later

Vendor Advisory: https://github.com/thecodingmachine/gotenberg/issues/199

Restart Required: Yes

Instructions:

1. Update Gotenberg to version 6.3.0 or later.
2. Pull the latest Docker image: docker pull thecodingmachine/gotenberg:6.3.0
3. Restart your Gotenberg containers with the updated image.

🔧 Temporary Workarounds

Fix tini permissions

linux

Manually set proper permissions on the tini binary to prevent overwrites. Run these inside the container, or bake them into a derived image: changes made with docker exec are lost when the container is recreated.

chmod 755 /usr/local/bin/tini
chown root:root /usr/local/bin/tini

🧯 If You Can't Patch

  • Implement strict container isolation with read-only filesystems where possible
  • Restrict network access to Gotenberg instances and monitor for suspicious file modification attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the tini binary is writable by the gotenberg user by printing its owner and mode: docker exec <container> ls -la /usr/local/bin/tini
The container is vulnerable if the file is owned by gotenberg with the owner write bit set (e.g. -rwxr-xr-x 1 gotenberg gotenberg ...), or if the group or other write bit is set. Grepping the ls output for 'rw' is not sufficient, because the owner write bit is also set on a correctly root-owned binary.

Check Version:

docker exec <container> gotenberg --version

Verify Fix Applied:

Verify that the tini permissions show root ownership and no write access for the gotenberg user or group (e.g. -rwxr-xr-x 1 root root ...): docker exec <container> ls -la /usr/local/bin/tini
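The check above reads the ls output by eye; the script below, an added example that is not part of the advisory, decides the same question from the owner, group and mode bits so it can be run non-interactively inside the container (the function name, the usage line and the sample file in the comments are assumptions; it assumes GNU coreutils stat and a resolvable user account for id -Gn).

```shell
# Added example, not from the advisory: decide whether PATH is writable by USER
# from the owner, group and mode that GNU `stat -c` reports, instead of grepping
# the ls output for "rw". Assumes GNU coreutils and a Linux account database for
# `id -Gn USER`; root is ignored because it can write regardless of mode bits.
# Usage inside the container (path and user from the advisory):
#   docker exec <container> sh -c "$(cat check_tini.sh); tini_writable gotenberg /usr/local/bin/tini"
# Exit status: 0 = writable (vulnerable), 1 = not writable, 2 = could not check.
tini_writable() {
    user="$1"; path="$2"
    [ -e "$path" ] || { echo "missing: $path" >&2; return 2; }
    set -- $(stat -c '%U %G %a' "$path" 2>/dev/null || true)
    [ "$#" -eq 3 ] || { echo "stat failed for $path" >&2; return 2; }
    owner="$1"; group="$2"
    # Pad to four digits, then keep the three permission digits (drop setuid/setgid/sticky).
    mode=$(printf '%04d' "$3"); mode=${mode#?}
    u=${mode%??}; rest=${mode#?}; g=${rest%?}; o=${rest#?}
    # Groups the user belongs to; empty if the account does not exist.
    user_groups=$(id -Gn "$user" 2>/dev/null || true)

    if [ "$owner" = "$user" ] && [ $((u & 2)) -ne 0 ]; then
        echo "VULNERABLE: $path is owned by $user with the owner write bit set (mode $mode)"; return 0
    fi
    for grp in $user_groups; do
        if [ "$grp" = "$group" ] && [ $((g & 2)) -ne 0 ]; then
            echo "VULNERABLE: $path is group-writable via group $group (mode $mode)"; return 0
        fi
    done
    if [ $((o & 2)) -ne 0 ]; then
        echo "VULNERABLE: $path is world-writable (mode $mode)"; return 0
    fi
    echo "OK: $path ($owner:$group, mode $mode) is not writable by $user"; return 1
}
```

A root-owned tini with mode 755 yields "OK" for the gotenberg user, which is the state the official fix and the workaround above produce.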

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file modification events on /usr/local/bin/tini
  • Gotenberg service crashes or restarts

Network Indicators:

  • Unusual outbound connections from Gotenberg containers

SIEM Query:

source="docker" AND ((event="file_modification" AND file_path="/usr/local/bin/tini") OR (process="gotenberg" AND event="crash"))
