Skip to main content

Fscrypt

4 CVEs product

Monthly

CVE-2022-25328 Go HIGH PATCH This Week

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Fscrypt
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-25327 Go MEDIUM PATCH This Month

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Fscrypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-25326 Go MEDIUM PATCH This Month

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Fscrypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2018-6558 Go MEDIUM PATCH This Month

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fscrypt
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
EPSS 0% CVSS 7.3
HIGH PATCH This Week

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Fscrypt
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Fscrypt
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Fscrypt
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fscrypt
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy