CVE-2018-12562 log

Severity High
Remote No
Type Access restriction bypass
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).
Group Package Affected Fixed Severity Status Ticket
AVG-721 cantata 2.3.1-1 2.3.1-2 High Fixed
Date Advisory Group Package Severity Type
20 Jun 2018 ASA-201806-12 AVG-721 cantata High multiple issues