CVE-2019-20044
HIGH7.8EPSS 0.09%zsh - security update
發布日:2020/2/24修改日:2026/4/28
描述
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
受影響套件(3)
- Alpine/zshfrom 0, < 5.8-r0
- Debian/zshfrom 0, < 5.8-1
- Debian/zshfrom 0, < 5.0.7-5+deb8u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |