Privilege Escalation via Insecure Credential Checking in fish-shell 1.16.0 to 2.1.1

Privilege Escalation via Insecure Credential Checking in fish-shell 1.16.0 to 2.1.1

CVE-2014-2905 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.

Learn more about our User Device Pen Test.