Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cantata cantata-mounter D-Bus服务安全漏洞
Vulnerability Description
Cantata是一款用于音乐播放器守护进程(MPD)中的可视化客户端。cantata-mounter D-Bus service是其中的一个总线服务。 Cantata 2.3.1及之前版本中的cantata-mounter D-Bus服务存在安全漏洞,该漏洞源于在mounter.cpp文件的‘mpOk()’函数中,程序没有充分的检测挂载目标路径。攻击者可通过传递目录遍历序列利用该漏洞在任意位置挂载CIFS文件系统。
CVSS Information
N/A
Vulnerability Type
N/A