Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-12562

Published: 19/06/2018 Updated: 10/08/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Cantata

Vulnerability Summary

An issue exists in the cantata-mounter D-Bus service in Cantata up to and including 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).

Vulnerable Product Search on Vulmon Subscribe to Product

cantata project cantata

Vendor Advisories

Arch Linux Issues:
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 231 The wrapper script 'mountcifswrapper' uses the shell to forward the arguments to the actual mountcifs binary The shell evaluates wildcards (such as in an injected string:/home//tmp/* string) ...

References

CWE-20https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3http://www.openwall.com/lists/oss-security/2018/06/18/1https://nvd.nist.govhttps://security.archlinux.org/CVE-2018-12562
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook