CVE-2022-37030
HIGHGrommunio Gromox 0.5-1.x < 1.28 - Unauthenticated Arbitrary Code Execution via PAM Module Configuration File
Title source: llmDescription
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=1201949
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2022/08/04/1
Scores
CVSS v3
7.8
EPSS
0.0030
EPSS Percentile
21.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
grommunio/gromox
0.5 - 1.28
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026