CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12562

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2018-12562

Cantata Project » Cantata » Version: 2.0.0

cpe:2.3:a:cantata_project:cantata:2.0.0
Cantata Project » Cantata » Version: 2.0.1

cpe:2.3:a:cantata_project:cantata:2.0.1
Cantata Project » Cantata » Version: 2.1.0

cpe:2.3:a:cantata_project:cantata:2.1.0
Cantata Project » Cantata » Version: 2.2.0

cpe:2.3:a:cantata_project:cantata:2.2.0
Cantata Project » Cantata » Version: 2.3.0

cpe:2.3:a:cantata_project:cantata:2.3.0
Cantata Project » Cantata » Version: 2.3.1

cpe:2.3:a:cantata_project:cantata:2.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12562

Products

Pricing

Contact Us