CVE-2013-0157

CWE-200Information ExposureCWE-79Cross-site Scripting (XSS)12 documents8 sources
Severity
2.1LOW
EPSS
0.1%
top 81.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kernel Util-linux
Timeline
PublishedJan 21
Latest updateMay 14

Description

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

Debianutil-linux< 2.20.1-5.5+3
NVDkernel/util-linux2.14.1, 2.17.2+1

🔴Vulnerability Details

4
GHSA
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting2022-05-14
GHSA
GHSA-5f9c-xx25-xwrv: (a) mount and (b) umount in util-linux 22022-05-05
CVEList
CVE-2013-0157: (a) mount and (b) umount in util-linux 22014-01-21
OSV
CVE-2013-0157: (a) mount and (b) umount in util-linux 22014-01-21

📋Vendor Advisories

3
Red Hat
openstack-horizon: XSS in Horizon orchestration dashboard when using a malicious template2014-04-08
Red Hat
util-linux: mount folder existence information disclosure2013-01-05
Debian
CVE-2013-0157: util-linux - (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versio...2013

💬Community

4
Bugzilla
CVE-2014-0157 openstack-horizon: XSS in Horizon orchestration dashboard when using a malicious template2014-04-01
Bugzilla
CVE-2013-0157 util-linux: mount folder existence information disclosure [fedora-16]2013-01-07
Bugzilla
CVE-2013-0157 util-linux: mount folder existence information disclosure [fedora-17]2013-01-07
Bugzilla
CVE-2013-0157 util-linux: mount folder existence information disclosure2013-01-06
CVE-2013-0157 (LOW CVSS 2.1) | (a) mount and (b) umount in util-li | cvebase.io