Privilege Escalation via Insecure Credential Checking in fish-shell 1.16.0 to 2.1.1
CVE-2014-2905 · MEDIUM Severity
AV:L/AC:M/AU:N/C:C/I:C/A:C
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
Learn more about our User Device Pen Test.