Vulnerability Description
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shibboleth | Service Provider | >= 3.0.0, < 3.1.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00017.html
- https://bugzilla.suse.com/show_bug.cgi?id=1157471ExploitIssue TrackingThird Party Advisory
- https://issues.shibboleth.net/jira/browse/SSPCPP-874Issue TrackingVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00017.html
- https://bugzilla.suse.com/show_bug.cgi?id=1157471ExploitIssue TrackingThird Party Advisory
- https://issues.shibboleth.net/jira/browse/SSPCPP-874Issue TrackingVendor Advisory
FAQ
What is CVE-2019-19191?
CVE-2019-19191 is a vulnerability with a CVSS score of 7.8 (HIGH). Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the us...
How severe is CVE-2019-19191?
CVE-2019-19191 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19191?
Check the references section above for vendor advisories and patch information. Affected products include: Shibboleth Service Provider.