logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-22947

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-22947

Description:
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
Last updated date:
08/02/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/23/2023
Reference url to background

https://shibboleth.atlassian.net/browse/SSPCPP-961

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy