Files or Directories Accessible to External Parties

CVE-2021-3995

Medium

5.5/10

Summary

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-552 - Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

Advisory Timeline

Published Aug 23, 2022

Files or Directories Accessible to External Parties

CVE-2021-3995

Summary

CWE-552 - Files or Directories Accessible to External Parties

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS