World-writable directory vulnerability in fscrypt v0.3.2 and below

World-writable directory vulnerability in fscrypt v0.3.2 and below

CVE-2022-25326 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.

Learn more about our User Device Pen Test.