cbcvebase.
CVE-2014-9091
published 2014-12-10

CVE-2014-9091: Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

PriorityP418medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.49%
38.3th percentile
Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

Affected

2 ranges
VendorProductVersion rangeFixed in
debianicecast2< icecast2 2.4.0-1 (bookworm)icecast2 2.4.0-1 (bookworm)
icecasticecast<= 2.3.3

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.