VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Base · Draft · Likelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 22 of 41
  • CVE-2019-3902 · Apr 22, 2019
    risk 0.00 · cvss - · epss 0.01

    A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

  • CVE-2019-1002101 · Apr 1, 2019
    risk 0.00 · cvss - · epss 0.13

    The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is…

  • CVE-2018-17567 · High · Sep 28, 2018
    risk 0.00 · cvss 7.5 · epss 0.02

    Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

  • CVE-2017-7500 · High · Aug 13, 2018
    risk 0.00 · cvss 7.3 · epss 0.00

    It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write…

  • CVE-2018-10897 · High · Aug 1, 2018
    risk 0.00 · cvss 8.1 · epss 0.06

    A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted…

  • CVE-2018-13054 · High · Jul 2, 2018
    risk 0.00 · cvss 8.1 · epss 0.02

    An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the…

  • CVE-2017-5188 · Medium · Mar 1, 2018
    risk 0.00 · cvss 5.0 · epss 0.01

    The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.

  • CVE-2018-6198 · Medium · Jan 25, 2018
    risk 0.00 · cvss 4.7 · epss 0.00

    w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

  • CVE-2015-5287 · Dec 7, 2015
    risk 0.00 · cvss - · epss 0.03

    The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or…

  • CVE-2015-5273 · Dec 7, 2015
    risk 0.00 · cvss - · epss 0.01

    The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.

  • CVE-2015-0794 · Nov 19, 2015
    risk 0.00 · cvss - · epss 0.00

    modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.

  • CVE-2015-1335 · Oct 1, 2015
    risk 0.00 · cvss - · epss 0.00

    lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

  • CVE-2015-6927 · Sep 28, 2015
    risk 0.00 · cvss - · epss 0.01

    vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a…

  • CVE-2015-5752 · Aug 17, 2015
    risk 0.00 · cvss - · epss 0.02

    Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.

  • CVE-2015-3759 · Aug 16, 2015
    risk 0.00 · cvss - · epss 0.00

    Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.

  • CVE-2015-1331 · Aug 12, 2015
    risk 0.00 · cvss - · epss 0.00

    lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.

  • CVE-2015-3436 · Jun 9, 2015
    risk 0.00 · cvss - · epss 0.00

    provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.

  • CVE-2015-4156 · Jun 2, 2015
    risk 0.00 · cvss - · epss 0.00

    GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.

  • CVE-2015-4155 · Jun 2, 2015
    risk 0.00 · cvss - · epss 0.00

    GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.

  • CVE-2015-3627 · May 18, 2015
    risk 0.00 · cvss - · epss 0.01

    Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.