Unrated severityNVD Advisory· Published May 2, 2014· Updated Jun 17, 2026
CVE-2014-2905
CVE-2014-2905
Description
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Range: >=1.16.0,<2.1.1
- osv-coords3 versionspkg:rpm/opensuse/fish3&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/fish3&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/fish&distro=openSUSE%20Tumbleweed
< 3.0.0-lp150.3.1+ 2 more
- (no CPE)range: < 3.0.0-lp150.3.1
- (no CPE)range: < 3.0.0-lp151.2.1
- (no CPE)range: < 2.4.0-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.