CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 20 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41641 | 0.00 | — | 0.00 | Jun 12, 2022 | Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. | |||
| CVE-2022-24904 | 0.00 | — | 0.01 | May 20, 2022 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files… | |||
| CVE-2021-27116 | 0.00 | — | 0.00 | Apr 5, 2022 | An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally. | |||
| CVE-2021-27117 | 0.00 | — | 0.00 | Apr 5, 2022 | An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally. | |||
| CVE-2022-27816 | — | 0.00 | — | 0.00 | Mar 30, 2022 | SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. | ||
| CVE-2022-27815 | — | 0.00 | — | 0.01 | Mar 29, 2022 | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. | ||
| CVE-2022-25177 | 0.00 | — | 0.02 | Feb 15, 2022 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files… | |||
| CVE-2022-25176 | 0.00 | — | 0.02 | Feb 15, 2022 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read… | |||
| CVE-2022-25179 | — | 0.00 | — | 0.02 | Feb 15, 2022 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read… | ||
| CVE-2021-23772 | 0.00 | — | 0.02 | Dec 24, 2021 | This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target… | |||
| CVE-2021-21695 | 0.00 | — | 0.02 | Nov 4, 2021 | FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||
| CVE-2021-21691 | 0.00 | — | 0.02 | Nov 4, 2021 | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||
| CVE-2021-21686 | 0.00 | — | 0.02 | Nov 4, 2021 | File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | |||
| CVE-2021-39135 | 0.00 | — | 0.01 | Aug 31, 2021 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed… | |||
| CVE-2021-39134 | 0.00 | — | 0.01 | Aug 31, 2021 | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed… | |||
| CVE-2021-37712 | — | 0.00 | — | 0.02 | Aug 31, 2021 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This… | ||
| CVE-2021-37701 | — | 0.00 | — | 0.03 | Aug 31, 2021 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This… | ||
| CVE-2021-32803 | — | 0.00 | — | 0.08 | Aug 3, 2021 | The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not… | ||
| CVE-2021-32610 | — | 0.00 | — | 0.73 | Jul 27, 2021 | In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | ||
| CVE-2021-31154 | — | 0.00 | — | 0.00 | May 27, 2021 | pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack. |
- CVE-2021-41641Jun 12, 2022risk 0.00cvss —epss 0.00
Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.
- CVE-2022-24904May 20, 2022risk 0.00cvss —epss 0.01
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files…
- CVE-2021-27116Apr 5, 2022risk 0.00cvss —epss 0.00
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.
- CVE-2021-27117Apr 5, 2022risk 0.00cvss —epss 0.00
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.
- CVE-2022-27816Mar 30, 2022risk 0.00cvss —epss 0.00
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.
- CVE-2022-27815Mar 29, 2022risk 0.00cvss —epss 0.01
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.
- CVE-2022-25177Feb 15, 2022risk 0.00cvss —epss 0.02
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files…
- CVE-2022-25176Feb 15, 2022risk 0.00cvss —epss 0.02
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read…
- CVE-2022-25179Feb 15, 2022risk 0.00cvss —epss 0.02
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read…
- CVE-2021-23772Dec 24, 2021risk 0.00cvss —epss 0.02
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target…
- CVE-2021-21695Nov 4, 2021risk 0.00cvss —epss 0.02
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
- CVE-2021-21691Nov 4, 2021risk 0.00cvss —epss 0.02
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
- CVE-2021-21686Nov 4, 2021risk 0.00cvss —epss 0.02
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
- CVE-2021-39135Aug 31, 2021risk 0.00cvss —epss 0.01
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed…
- CVE-2021-39134Aug 31, 2021risk 0.00cvss —epss 0.01
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed…
- CVE-2021-37712Aug 31, 2021risk 0.00cvss —epss 0.02
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…
- CVE-2021-37701Aug 31, 2021risk 0.00cvss —epss 0.03
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…
- CVE-2021-32803Aug 3, 2021risk 0.00cvss —epss 0.08
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not…
- CVE-2021-32610Jul 27, 2021risk 0.00cvss —epss 0.73
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
- CVE-2021-31154May 27, 2021risk 0.00cvss —epss 0.00
pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.