Go modules package
github.com/google/fscrypt
pkg:golang/github.com/google/fscrypt
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25328 | — | | | < 0.3.3 | 0.3.3 | Feb 25, 2022 | The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a m |
| CVE-2022-25327 | — | | | < 0.3.3 | 0.3.3 | Feb 25, 2022 | The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from |
| CVE-2022-25326 | — | | | < 0.3.3 | 0.3.3 | Feb 25, 2022 | fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories wher |
| CVE-2018-6558 | — | | | < 0.2.4 | 0.2.4 | Aug 23, 2018 | The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam). |