CVE-2019-19191

Posted on by admin

CVE-2019-19191

Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.

Source: CVE-2019-19191

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다