Fish
CVE-2014-2905
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
AnalysisAI
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user. Rated medium severity (CVSS 6.9). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. Affected products include: Fishshell Fish. Version information: before 2.1.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. Rated medium severity
fish is a command line shell. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low atta
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today