{"id":"CVE-2018-12560","details":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.","modified":"2026-04-10T04:06:00.197694Z","published":"2018-06-19T05:29:00.357Z","related":["MGASA-2018-0314"],"references":[{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2018/06/18/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cdrummond/cantata","events":[{"introduced":"0"},{"last_affected":"d193cfe3361538ac41275f60bb78b1c7a8f8e706"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.1"}]}}],"versions":["v2.1.0","v2.2.0","v2.3.0","v2.3.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12560.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}