4 matches found
GHSA-W4F8-FXQ2-J35V Possible privilege escalation via bash completion script
The bash completion script for fscrypt through v0.3.2 allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a...
Possible privilege escalation via bash completion script
The bash completion script for fscrypt through v0.3.2 allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a...
CVE-2022-25328
The CVE-2022-25328 issue concerns the bash_completion script in Google fscrypt. The vulnerability arises from the bash_completion mechanism: a local attacker who can influence mountpoint paths can inject commands through crafted mountpoint names when the script performs completion. This could lea...
CVE-2022-25328 Privilege escalation through command injection in fscrypt
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...