CVE-2014-2905

fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fishshell:fish:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:fishshell:fish:2.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-05-02 14:55

Updated : 2023-12-10 11:31


NVD link : CVE-2014-2905

Mitre link : CVE-2014-2905

CVE.ORG link : CVE-2014-2905


JSON object : View

Products Affected

fishshell

  • fish
CWE
CWE-264

Permissions, Privileges, and Access Controls