{"id":"CVE-2022-37030","details":"Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.","modified":"2026-04-12T05:39:53.208693Z","published":"2022-08-04T23:15:08.257Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/08/04/1"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1201949"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grommunio/gromox","events":[{"introduced":"004f2db05d4a0b3bf196379559245901adf56a35"},{"fixed":"963c1ff1393e6c61d285c74fca709698e27a537b"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:grommunio:gromox:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0.5"},{"fixed":"1.28"}]}}],"versions":["gromox-0.10","gromox-0.11","gromox-0.12","gromox-0.13","gromox-0.14","gromox-0.15","gromox-0.16","gromox-0.17","gromox-0.18","gromox-0.19","gromox-0.20","gromox-0.21","gromox-0.22","gromox-0.23","gromox-0.24","gromox-0.25","gromox-0.26","gromox-0.27","gromox-0.5","gromox-0.6","gromox-0.7","gromox-0.8","gromox-0.9","gromox-1.0","gromox-1.1","gromox-1.10","gromox-1.11","gromox-1.12","gromox-1.13","gromox-1.14","gromox-1.15","gromox-1.15.32","gromox-1.16","gromox-1.17","gromox-1.18","gromox-1.19","gromox-1.2","gromox-1.20","gromox-1.21","gromox-1.22","gromox-1.23","gromox-1.24","gromox-1.25","gromox-1.26","gromox-1.27","gromox-1.3","gromox-1.4","gromox-1.5","gromox-1.6","gromox-1.7","gromox-1.8","gromox-1.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37030.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}