Lucene search
K

8 matches found

EUVD
EUVD
added 2026/06/01 5:36 p.m.14 views

EUVD-2026-33727

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

8.1CVSS5.9AI score0.00239EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/18 1:7 a.m.13 views

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

6.9CVSS5.8AI score0.00424EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/18 1:7 a.m.7 views

GHSA-MPH4-Q2VM-W2PW Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

6.9CVSS5.8AI score0.00424EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/17 6:41 p.m.3 views

CVE-2026-6437 AWS EFS CSI Driver Mount Option Injection

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

6.9CVSS5.9AI score0.00424EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 6:41 p.m.11 views

CVE-2026-6437

CVE-2026-6437 concerns the AWS EFS CSI Driver (aws-efs-csi-driver) prior to v3.0.1. The flaw is improper neutralization of argument delimiters in the volume handling component, which allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via...

6.9CVSS5.9AI score0.00424EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/17 6:41 p.m.32 views

CVE-2026-6437 AWS EFS CSI Driver Mount Option Injection

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

6.9CVSS0.00424EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.5 views

PT-2026-33485

Name of the Vulnerable Software and Affected Versions AWS EFS CSI Driver versions prior to v3.0.1 Description Improper neutralization of argument delimiters in the volume handling component allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount...

6.9CVSS5.9AI score0.00424EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.6 views

SUSE CVE-2018-12561

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...

8.8CVSS9.1AI score0.01382EPSS
Exploits0References3
Rows per page
Query Builder