CVE-2019-12522 is a vulnerability in Squid Cache Squid
Published on April 15, 2020

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

NVD

Products Associated with CVE-2019-12522

Want to know whenever a new CVE is published for Squid Cache Squid? stack.watch will email you.

Squid Cache Squid

Exploit Probability

EPSS

0.18%

Percentile

39.38%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-12522 is a vulnerability in Squid Cache SquidPublished on April 15, 2020

Products Associated with CVE-2019-12522

Exploit Probability

CVE-2019-12522 is a vulnerability in Squid Cache Squid
Published on April 15, 2020