CVE-2018-12562

EPSS 0.38%
Veröffentlicht 19.06.2018 05:29:00
Zuletzt bearbeitet 21.11.2024 03:45:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cantata Project ≫ Cantata Version <= 2.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.586

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2018/06/18/1

Mailing List

Technical Description

https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3

Patch

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2018-12562

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12562

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12562

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-12562