CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 22 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-3902 | 0.00 | — | 0.01 | Apr 22, 2019 | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. | |||
| CVE-2019-1002101 | 0.00 | — | 0.13 | Apr 1, 2019 | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is… | |||
| CVE-2018-17567 | — | Hig | 0.00 | 7.5 | 0.02 | Sep 28, 2018 | Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | |
| CVE-2017-7500 | — | Hig | 0.00 | 7.3 | 0.00 | Aug 13, 2018 | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write… | |
| CVE-2018-10897 | Hig | 0.00 | 8.1 | 0.06 | Aug 1, 2018 | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted… | ||
| CVE-2018-13054 | Hig | 0.00 | 8.1 | 0.02 | Jul 2, 2018 | An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the… | ||
| CVE-2017-5188 | Med | 0.00 | 5.0 | 0.01 | Mar 1, 2018 | The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | ||
| CVE-2018-6198 | — | Med | 0.00 | 4.7 | 0.00 | Jan 25, 2018 | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | |
| CVE-2015-5287 | 0.00 | — | 0.03 | Dec 7, 2015 | The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or… | |||
| CVE-2015-5273 | 0.00 | — | 0.01 | Dec 7, 2015 | The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | |||
| CVE-2015-0794 | 0.00 | — | 0.00 | Nov 19, 2015 | modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. | |||
| CVE-2015-1335 | 0.00 | — | 0.00 | Oct 1, 2015 | lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | |||
| CVE-2015-6927 | 0.00 | — | 0.01 | Sep 28, 2015 | vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a… | |||
| CVE-2015-5752 | 0.00 | — | 0.02 | Aug 17, 2015 | Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | |||
| CVE-2015-3759 | 0.00 | — | 0.00 | Aug 16, 2015 | Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||
| CVE-2015-1331 | 0.00 | — | 0.00 | Aug 12, 2015 | lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | |||
| CVE-2015-3436 | 0.00 | — | 0.00 | Jun 9, 2015 | provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. | |||
| CVE-2015-4156 | 0.00 | — | 0.00 | Jun 2, 2015 | GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2015-4155 | 0.00 | — | 0.00 | Jun 2, 2015 | GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2015-3627 | 0.00 | — | 0.01 | May 18, 2015 | Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. |
- CVE-2019-3902Apr 22, 2019risk 0.00cvss —epss 0.01
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
- CVE-2019-1002101Apr 1, 2019risk 0.00cvss —epss 0.13
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is…
- risk 0.00cvss 7.5epss 0.02
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
- risk 0.00cvss 7.3epss 0.00
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write…
- risk 0.00cvss 8.1epss 0.06
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted…
- risk 0.00cvss 8.1epss 0.02
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the…
- risk 0.00cvss 5.0epss 0.01
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.
- risk 0.00cvss 4.7epss 0.00
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
- CVE-2015-5287Dec 7, 2015risk 0.00cvss —epss 0.03
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or…
- CVE-2015-5273Dec 7, 2015risk 0.00cvss —epss 0.01
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
- CVE-2015-0794Nov 19, 2015risk 0.00cvss —epss 0.00
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
- CVE-2015-1335Oct 1, 2015risk 0.00cvss —epss 0.00
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
- CVE-2015-6927Sep 28, 2015risk 0.00cvss —epss 0.01
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a…
- CVE-2015-5752Aug 17, 2015risk 0.00cvss —epss 0.02
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
- CVE-2015-3759Aug 16, 2015risk 0.00cvss —epss 0.00
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
- CVE-2015-1331Aug 12, 2015risk 0.00cvss —epss 0.00
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
- CVE-2015-3436Jun 9, 2015risk 0.00cvss —epss 0.00
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
- CVE-2015-4156Jun 2, 2015risk 0.00cvss —epss 0.00
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
- CVE-2015-4155Jun 2, 2015risk 0.00cvss —epss 0.00
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
- CVE-2015-3627May 18, 2015risk 0.00cvss —epss 0.01
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.