CVE-2018-10906 MEDIUM

CVE-2018-10906

Vendor [Unknown]

Product fuse

Weakness CWE-285

Published July 24, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.

Key dates

02Disclosure timeline

July 24, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-10906

Related vulnerabilities

Identifiers

CVE CVE-2018-10906

CWE CWE-285

CVSS 5.3 / MEDIUM

Affected versions

Vendor [Unknown]

Product fuse

Affected fuse 2.9.8

Vendor [Unknown]

Product fuse

Affected fuse 3.2.5

CVE-2018-10906

01Description

02Disclosure timeline

03References

04Related CVE