Vulnerability CVE-2022-25328: Information
Description
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
fscrypt | sisyphus | 0.3.4-alt1 | 0.3.5-alt1 | ALT-PU-2023-1941-1 | 322459 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
N/A |
|