GO-2020-0027

Source

https://pkg.go.dev/vuln/GO-2020-0027

Import Source

https://vuln.go.dev/ID/GO-2020-0027.json

Aliases

Published

2021-04-14T20:04:52Z

Modified

2023-11-08T04:00:21.512630Z

Details

After dropping and then elevating process privileges euid, guid, and groups are not properly restored to their original values, allowing an unprivileged user to gain membership in the root group.

References

Affected packages

Go / github.com/google/fscrypt

Package

Name: github.com/google/fscrypt

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.2.4

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/google/fscrypt/pam",
            "symbols": [
                "Handle.StartAsPamUser",
                "Handle.StopAsPamUser",
                "NewHandle"
            ]
        },
        {
            "path": "github.com/google/fscrypt/security",
            "symbols": [
                "FindKey",
                "InsertKey",
                "RemoveKey",
                "SetProcessPrivileges",
                "UserKeyringID",
                "setGids",
                "setGroups",
                "setUids"
            ]
        }
    ]
}