rpm package
suse/shibboleth-sp&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/shibboleth-sp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19191 | — | | | < 2.5.5-6.6.1 | 2.5.5-6.6.1 | Nov 21, 2019 | Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. |
| CVE-2017-16852 | High | 8.1 | | < 2.5.5-6.3.1 | 2.5.5-6.3.1 | Nov 16, 2017 | shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcem |