CVE-2018-12559

Name of the Vulnerable Software and Affected Versions Cantata versions prior to 2.3.2

Description An issue was discovered in the cantata-mounter D-Bus service. The mount target path check in mpOk() function is insufficient, allowing a regular user to mount a CIFS filesystem anywhere by passing directory traversal sequences.

Recommendations For Cantata versions prior to 2.3.2, update to version 2.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mpOk() function in the cantata-mounter D-Bus service to minimize the risk of exploitation.