GHSA-qj26-7grj-whg3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qj26-7grj-whg3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-qj26-7grj-whg3/GHSA-qj26-7grj-whg3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-qj26-7grj-whg3
- Aliases
- Published
- 2021-06-23T17:18:49Z
- Modified
- 2024-05-20T19:39:08Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Privilege Escalation in fscrypt
- Details
-
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-05-20T21:04:58Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-6558
- https://github.com/google/fscrypt/issues/77
- https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b
- https://github.com/google/fscrypt/commit/315f9b042237200174a1fb99427f74027e191d66
- https://github.com/google/fscrypt
- https://launchpad.net/bugs/1787548
- https://pkg.go.dev/vuln/GO-2020-0027
Affected packages
Go / github.com/google/fscrypt
Package
- Name
- github.com/google/fscrypt
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/google/fscrypt