CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
Page 19 of 41

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-0377 | 0.00 | — | 0.01 | Jan 21, 2025 | HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. |
| CVE-2024-9341 | 0.00 | — | 0.01 | Oct 1, 2024 | A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting… |
| CVE-2024-29069 | 0.00 | — | 0.00 | Jul 25, 2024 | In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image… |
| CVE-2024-38081 | 0.00 | — | 0.01 | Jul 9, 2024 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-3829 | 0.00 | — | 0.01 | Jun 3, 2024 | qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a… |
| CVE-2024-1329 | 0.00 | — | 0.01 | Feb 8, 2024 | HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14. |
| CVE-2023-43116 | 0.00 | — | 0.00 | Dec 22, 2023 | A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. |
| CVE-2023-6069 | 0.00 | — | 0.01 | Nov 10, 2023 | Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. |
| CVE-2023-5834 | 0.00 | — | 0.00 | Oct 27, 2023 | HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. |
| CVE-2023-46655 | 0.00 | — | 0.01 | Oct 25, 2023 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from… |
| CVE-2023-46654 | 0.00 | — | 0.01 | Oct 25, 2023 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the… |
| CVE-2023-28642 | 0.00 | — | 0.00 | Mar 29, 2023 | runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by… |
| CVE-2023-1314 | 0.00 | — | 0.00 | Mar 21, 2023 | A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used… |
| CVE-2023-25168 | 0.00 | — | 0.01 | Feb 8, 2023 | Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an… |
| CVE-2023-25152 | 0.00 | — | 0.01 | Feb 8, 2023 | Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations,… |
| CVE-2021-4287 | 0.00 | — | 0.02 | Dec 27, 2022 | A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is… |
| CVE-2022-4122 | 0.00 | — | 0.01 | Dec 8, 2022 | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. |
| CVE-2022-39215 | 0.00 | — | 0.01 | Sep 15, 2022 | Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction… |
| CVE-2022-36113 | 0.00 | — | 0.01 | Sep 14, 2022 | Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the… |
| CVE-2022-31036 | 0.00 | — | 0.01 | Jun 27, 2022 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A… |