Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Shibboleth Service Provider 后置链接漏洞
Vulnerability Description
Shibboleth是英国Shibboleth公司的一套基于Windows平台的开源的SAML协议的Web单点登录系统。Service Provider(SP)是其中的一个服务提供商组件,它主要用于拦截对受保护资源或应用程序入口点的访问、向选定的身份提供者发出SAML身份验证请求等。 Shibboleth SP 3.1.0之前的3.x版本中存在安全漏洞。攻击者可借助连接到/etc/shadow等文件的符号链接利用该漏洞将权限提升至root。
CVSS Information
N/A
Vulnerability Type
N/A