CVE-2018-12561

EPSS 0.35%
Veröffentlicht 19.06.2018 05:29:00
Zuletzt bearbeitet 21.11.2024 03:45:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cantata Project ≫ Cantata Version <= 2.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.568

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2018/06/18/1

Mailing List

Technical Description

https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3

Patch

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2018-12561

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12561

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12561

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-12561