Sign In

CVE-2018-7738

ADVISORY - nist

Summary

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

EPSS Score: 0.00058 (0.183)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo

ADVISORY - redhat

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2018-7738
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-noinfo

CVSS SCORE

7.8high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2018-7738
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2018-7738
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8low

Amazon

CREATED

UPDATED

ADVISORY IDALAS2-2022-1878
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2018-7738
EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-78

CVSS SCORE

6.7medium

Photon

CREATED

UPDATED

ADVISORY ID

CVE-2018-7738

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.2high

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2018-7738
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY