cantata

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Qt5 client for the music player daemon (MPD)
Version 2.3.3-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-721 2.3.1-1 2.3.1-2 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-12562 AVG-721 High No Access restriction bypass
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the...
CVE-2018-12561 AVG-721 Medium No Access restriction bypass
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode=...
CVE-2018-12560 AVG-721 Medium No Access restriction bypass
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory...
CVE-2018-12559 AVG-721 High No Privilege escalation
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient....

Advisories

Date Advisory Group Severity Description
20 Jun 2018 ASA-201806-12 AVG-721 High multiple issues