PT-2021-20327 · Fuse · Fuse
Published
2021-06-03
·
Updated
2021-06-09
·
CVE-2021-33805
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
FUSE versions prior to 2.9.8
Description:
The issue allows local attackers to specify the allow other option, even if it is forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active.
Recommendations:
For versions prior to 2.9.8, update to version 2.9.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the FUSE filesystems to minimize the risk of exploitation.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Fuse