The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/google/fscrypt(Go) | 0 | 0.2.4 | N/A |
CVSS Metrics
