CVE-2023-22947 in Shibboleth-spinfo

Zusammenfassung (Englisch)

** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservieren

11.01.2023

Veröffentlichung

11.01.2023

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
217963Shibboleth-sp Installation erweiterte Rechte427Nicht definiertOffizieller FixCVE-2023-22947

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!