CVE-2019-19191Link Following in Service Provider

CWE-59Link Following5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 61.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Internet2 Shibboleth-spShibboleth Service Provider
Timeline
PublishedNov 21
Latest updateMay 24

Description

Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDshibboleth/service_provider3.0.03.1.0
Debianinternet2/shibboleth-sp< 3.1.0+dfsg1-2+3

🔴Vulnerability Details

3
GHSA
GHSA-gcm7-32c7-5wrq: Shibboleth Service Provider (SP) 32022-05-24
OSV
CVE-2019-19191: Shibboleth Service Provider (SP) 32019-11-21
CVEList
CVE-2019-19191: Shibboleth Service Provider (SP) 32019-11-21

📋Vendor Advisories

1
Debian
CVE-2019-19191: shibboleth-sp - Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls...2019
CVE-2019-19191 — Link Following in Service Provider | cvebase