Lucene search
K

4 matches found

OSV
OSV
added 2022/03/01 9:4 p.m.35 views

GHSA-W4F8-FXQ2-J35V Possible privilege escalation via bash completion script

The bash completion script for fscrypt through v0.3.2 allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a...

6.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/03/01 9:4 p.m.50 views

Possible privilege escalation via bash completion script

The bash completion script for fscrypt through v0.3.2 allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a...

7.3CVSS3.2AI score0.00199EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/25 11:0 a.m.40 views

CVE-2022-25328 Privilege escalation through command injection in fscrypt

The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...

5CVSS7.9AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2022/02/25 11:0 a.m.101 views

CVE-2022-25328

The CVE-2022-25328 issue concerns the bash_completion script in Google fscrypt. The vulnerability arises from the bash_completion mechanism: a local attacker who can influence mountpoint paths can inject commands through crafted mountpoint names when the script performs completion. This could lea...

7.3CVSS6.5AI score0.00199EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder