| { |
| "schema_version": "1.3.1", |
| "id": "GO-2020-0027", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "2021-04-14T20:04:52Z", |
| "aliases": [ |
| "CVE-2018-6558", |
| "GHSA-qj26-7grj-whg3" |
| ], |
| "summary": "Privilege escalation in github.com/google/fscrypt", |
| "details": "After dropping and then elevating process privileges euid, guid, and groups are not properly restored to their original values, allowing an unprivileged user to gain membership in the root group.", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/google/fscrypt", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.2.4" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/google/fscrypt/pam", |
| "symbols": [ |
| "Handle.StartAsPamUser", |
| "Handle.StopAsPamUser", |
| "NewHandle" |
| ] |
| }, |
| { |
| "path": "github.com/google/fscrypt/security", |
| "symbols": [ |
| "FindKey", |
| "InsertKey", |
| "RemoveKey", |
| "SetProcessPrivileges", |
| "UserKeyringID", |
| "setGids", |
| "setGroups", |
| "setUids" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/google/fscrypt/issues/77" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2020-0027" |
| } |
| } |
