CVE-2019-20044
HIGH
7.8
Our Analysis: Environment Specific
Our model has classified this vulnerability as relevant to Environment Specific Systems, helping your team prioritize efforts effectively.
Published Date
February 24, 2020
Last Modified
November 21, 2024
CVSS Vector
Not Available
Description
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().