CWE-59

Improper Link Resolution Before File Access ('Link Following')

Base · Draft · Likelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

  • CVE-2021-41641 · Jun 12, 2022
    risk 0.00 · cvss · epss 0.00

    Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory.

  • CVE-2022-24904 · May 20, 2022
    risk 0.00 · cvss · epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files…

  • CVE-2021-27116 · Apr 5, 2022
    risk 0.00 · cvss · epss 0.00

    An issue in function MemProf in file profile.go in beego through 2.0.2 allows attackers to launch symlink attacks locally.

  • CVE-2021-27117 · Apr 5, 2022
    risk 0.00 · cvss · epss 0.00

    An issue in function GetCPUProfile in file profile.go in beego through 2.0.2 allows attackers to launch symlink attacks locally.

  • CVE-2022-27816 · Mar 30, 2022
    risk 0.00 · cvss · epss 0.00

    SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.

  • CVE-2022-27815 · Mar 29, 2022
    risk 0.00 · cvss · epss 0.01

    SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.

  • CVE-2022-25177 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.02

    Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files…

  • CVE-2022-25176 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.02

    Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read…

  • CVE-2022-25179 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.02

    Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read…

  • CVE-2021-23772 · Dec 24, 2021
    risk 0.00 · cvss · epss 0.02

    This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target…

  • CVE-2021-21695 · Nov 4, 2021
    risk 0.00 · cvss · epss 0.02

    FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • CVE-2021-21691 · Nov 4, 2021
    risk 0.00 · cvss · epss 0.02

    Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • CVE-2021-21686 · Nov 4, 2021
    risk 0.00 · cvss · epss 0.02

    File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.

  • CVE-2021-39135 · Aug 31, 2021
    risk 0.00 · cvss · epss 0.01

    `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed…

  • CVE-2021-39134 · Aug 31, 2021
    risk 0.00 · cvss · epss 0.01

    `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed…

  • CVE-2021-37712 · Aug 31, 2021
    risk 0.00 · cvss · epss 0.02

    The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…

  • CVE-2021-37701 · Aug 31, 2021
    risk 0.00 · cvss · epss 0.03

    The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…

  • CVE-2021-32803 · Aug 3, 2021
    risk 0.00 · cvss · epss 0.08

    The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not…

  • CVE-2021-32610 · Jul 27, 2021
    risk 0.00 · cvss · epss 0.73

    In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

  • CVE-2021-31154 · May 27, 2021
    risk 0.00 · cvss · epss 0.00

    pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.