{"id":"CVE-2014-2905","details":"fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.","modified":"2026-04-16T06:19:17.598008842Z","published":"2014-05-02T14:55:07Z","related":["openSUSE-SU-2019:2177-1","openSUSE-SU-2019:2188-1","openSUSE-SU-2024:10348-1"],"references":[{"type":"REPORT","url":"https://github.com/fish-shell/fish-shell/issues/1436"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/04/28/4"}],"schema_version":"1.7.5"}