What is CVE-2019-18276?

CVE-2019-18276 is a vulnerability in N/a. Published 2019-11-28.

Is CVE-2019-18276 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-18276

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. Ho…

EPSS: 0.502 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar (mailing-list, x_refsource_MLIST)
GLSA-202105-34 (vendor-advisory, x_refsource_GENTOO)
www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
www.youtube.com/watch (x_refsource_MISC)
github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff (x_refsource_CONFIRM)
packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20200430-0003/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-18276?: CVE-2019-18276 is a vulnerability in N/a. Published 2019-11-28.
Is CVE-2019-18276 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.