CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2905
https://notcve.org/view.php?id=CVE-2014-2905
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. fish (también conocido como fish-shell) 1.16.0 anterior a 2.1.1 no comprueba debidamente los credenciales, lo que permite a usuarios locales ganar privilegios a través del socket de variable universal, relacionado con permisos /tmp/fishd.socket.user. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html http://www.openwall.com/lists/oss-security/2014/04/28/4 https://github.com/fish-shell/fish-shell/issues/1436 • CWE-264: Permissions, Privileges, and Access Controls •