CVE-2022-25328

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above

CVSS v3 7.3 HIGH
CVSS v2.0 7.2 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/google/fscrypt/pull/346	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:fscrypt:*:*:*:*:*:*:*:*

History

07 Mar 2022, 17:25

Type	Values Removed	Values Added
CWE		CWE-78
CPE		cpe:2.3:a:google:fscrypt::::::::
First Time		Google Google fscrypt
References	~~(CONFIRM) https://github.com/google/fscrypt/pull/346 -~~	(CONFIRM) https://github.com/google/fscrypt/pull/346 - Patch, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.3

25 Feb 2022, 12:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-25 11:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-25328

Mitre link : CVE-2022-25328

CVE.ORG link : CVE-2022-25328

JSON object : View

Products Affected

google

fscrypt

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-25328", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.3}]}, "published": "2022-02-25T11:15:08.120", "references": [{"url": "https://github.com/google/fscrypt/pull/346", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above"}, {"lang": "es", "value": "El script bash_completion para fscrypt permite la inyecci\u00f3n de comandos por medio de rutas de punto de montaje dise\u00f1adas, permitiendo una escalada de privilegios bajo un conjunto espec\u00edfico de circunstancias. Un usuario local que tenga control sobre las rutas de los puntos de montaje podr\u00eda escalar sus privilegios si crea una ruta de punto de montaje maliciosa y si el administrador del sistema resulta estar usando el script bash_completion de fscrypt para completar las rutas de los puntos de montaje. Recomendamos actualizar a versi\u00f3n 0.3.3 o superior\n"}], "lastModified": "2022-03-07T17:25:33.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:fscrypt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623A7E29-1DE3-4D26-893E-8EE2D7FADD46", "versionEndExcluding": "0.3.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}