Cantata-Mounter D-Bus Service Allows Injection of Additional Mount Options

Cantata-Mounter D-Bus Service Allows Injection of Additional Mount Options

CVE-2018-12561 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.

Learn more about our User Device Pen Test.