VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 19 of 41
  • CVE-2025-0377Jan 21, 2025
    risk 0.00cvss epss 0.01

    HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.

  • CVE-2024-9341Oct 1, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting…

  • CVE-2024-29069Jul 25, 2024
    risk 0.00cvss epss 0.00

    In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image…

  • CVE-2024-38081Jul 9, 2024
    risk 0.00cvss epss 0.01

    .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

  • CVE-2024-3829Jun 3, 2024
    risk 0.00cvss epss 0.01

    qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a…

  • CVE-2024-1329Feb 8, 2024
    risk 0.00cvss epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.

  • CVE-2023-43116Dec 22, 2023
    risk 0.00cvss epss 0.00

    A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.

  • CVE-2023-6069Nov 10, 2023
    risk 0.00cvss epss 0.01

    Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.

  • CVE-2023-5834Oct 27, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

  • CVE-2023-46655Oct 25, 2023
    risk 0.00cvss epss 0.01

    Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from…

  • CVE-2023-46654Oct 25, 2023
    risk 0.00cvss epss 0.01

    Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the…

  • CVE-2023-28642Mar 29, 2023
    risk 0.00cvss epss 0.00

    runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by…

  • CVE-2023-1314Mar 21, 2023
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used…

  • CVE-2023-25168Feb 8, 2023
    risk 0.00cvss epss 0.01

    Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an…

  • CVE-2023-25152Feb 8, 2023
    risk 0.00cvss epss 0.01

    Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations,…

  • CVE-2021-4287Dec 27, 2022
    risk 0.00cvss epss 0.02

    A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is…

  • CVE-2022-4122Dec 8, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

  • CVE-2022-39215Sep 15, 2022
    risk 0.00cvss epss 0.01

    Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction…

  • CVE-2022-36113Sep 14, 2022
    risk 0.00cvss epss 0.01

    Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the…

  • CVE-2022-31036Jun 27, 2022
    risk 0.00cvss epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A…