Privilege Escalation Vulnerability in Shibboleth Service Provider (SP) 3.x before 3.1.0

Privilege Escalation Vulnerability in Shibboleth Service Provider (SP) 3.x before 3.1.0

CVE-2019-19191 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.

Learn more about our User Device Pen Test.