CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1984 vulnerabilities reference this CWE, most recent first.
GHSA-5368-6H4H-GR29
Vulnerability from github – Published: 2026-04-28 00:31 – Updated: 2026-05-06 19:05When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started.
Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); PID file / symlink behavior (ApplicationPidFileWriter). Versions that are no longer supported are also affected per vendor advisory.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"last_affected": "3.3.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40977"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T19:05:35Z",
"nvd_published_at": "2026-04-28T00:16:24Z",
"severity": "MODERATE"
},
"details": "When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file\u0027s location can corrupt one file on the host each time the application is started.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); PID file / symlink behavior (`ApplicationPidFileWriter`). Versions that are no longer supported are also affected per vendor advisory.",
"id": "GHSA-5368-6h4h-gr29",
"modified": "2026-05-06T19:05:35Z",
"published": "2026-04-28T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40977"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-boot"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-40977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "Spring Boot\u0027s PID file write follows symlinks at predictable default path"
}
GHSA-53CH-PXC8-6G72
Vulnerability from github – Published: 2026-06-29 15:32 – Updated: 2026-07-02 12:30acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2026-54369"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-29T14:16:57Z",
"severity": "HIGH"
},
"details": "acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.",
"id": "GHSA-53ch-pxc8-6g72",
"modified": "2026-07-02T12:30:58Z",
"published": "2026-06-29T15:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54369"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34351"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-54369"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490277"
},
{
"type": "WEB",
"url": "https://cgit.git.savannah.nongnu.org/cgit/acl.git/commit/?id=24a227d0ab8576612194f8a56c2314389adc74a5"
},
{
"type": "WEB",
"url": "https://cgit.git.savannah.nongnu.org/cgit/acl.git/commit/?id=3589787cd589b34bdd9265936e17190b6d3f17d1"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54369.json"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/acl-symlink-traversal-privilege-escalation-via-libacl-functions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-53P9-M4MR-WP8X
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2025-10-22 00:31An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-0638"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-14T23:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Update Notification Manager Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-53p9-m4mr-wp8x",
"modified": "2025-10-22T00:31:49Z",
"published": "2022-05-24T17:06:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0638"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0638"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-53WM-97P6-582F
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2026-06-05 17:53A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "instack-undercloud"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-7549"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T22:48:23Z",
"nvd_published_at": "2017-09-21T21:29:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.",
"id": "GHSA-53wm-97p6-582f",
"modified": "2026-06-05T17:53:43Z",
"published": "2022-05-13T01:07:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7549"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2557"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2649"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2687"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2693"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2726"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2017-7549"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477403"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/instack/PYSEC-2017-152.yaml"
},
{
"type": "WEB",
"url": "https://opendev.org/openstack/instack-undercloud"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170907040549/http://www.securityfocus.com/bid/100407"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100407"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "instack-undercloud vulnerable to symlink attack on tmp files"
}
GHSA-548G-PCC5-4492
Vulnerability from github – Published: 2024-03-12 18:31 – Updated: 2024-03-12 18:31Windows Update Stack Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-21432"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T17:15:51Z",
"severity": "HIGH"
},
"details": "Windows Update Stack Elevation of Privilege Vulnerability",
"id": "GHSA-548g-pcc5-4492",
"modified": "2024-03-12T18:31:13Z",
"published": "2024-03-12T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21432"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-548J-7QQV-2MVF
Vulnerability from github – Published: 2022-05-17 01:07 – Updated: 2022-05-17 01:07mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
{
"affected": [],
"aliases": [
"CVE-2015-5701"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-25T18:29:00Z",
"severity": "MODERATE"
},
"details": "mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.",
"id": "GHSA-548j-7qqv-2mvf",
"modified": "2022-05-17T01:07:50Z",
"published": "2022-05-17T01:07:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5701"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167"
},
{
"type": "WEB",
"url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885"
},
{
"type": "WEB",
"url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/07/30/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-54R8-8CQ2-5P82
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-07-03 00:00A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.
{
"affected": [],
"aliases": [
"CVE-2021-32000"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-61"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-28T10:15:00Z",
"severity": "HIGH"
},
"details": "A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files.\nThis issue affects:\nSUSE Linux Enterprise Server 12 SP3\nclone-master-clean-up version 1.6-4.6.1 and prior versions.\nSUSE Linux Enterprise Server 15 SP1\nclone-master-clean-up version 1.6-3.9.1 and prior versions.\nopenSUSE Factory\nclone-master-clean-up version 1.6-1.4 and prior versions.",
"id": "GHSA-54r8-8cq2-5p82",
"modified": "2022-07-03T00:00:23Z",
"published": "2022-05-24T19:09:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32000"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1181050"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-552W-74VW-6JF7
Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.
{
"affected": [],
"aliases": [
"CVE-2008-4964"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-06T15:55:00Z",
"severity": "MODERATE"
},
"details": "filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.",
"id": "GHSA-552w-74vw-6jf7",
"modified": "2022-05-17T02:18:32Z",
"published": "2022-05-17T02:18:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4964"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44821"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/496379"
},
{
"type": "WEB",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/konwert-filters"
},
{
"type": "WEB",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/30914"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-55GW-QCG5-XJRX
Vulnerability from github – Published: 2022-05-02 06:15 – Updated: 2025-04-11 03:31client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.
{
"affected": [],
"aliases": [
"CVE-2010-0787"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-03-02T18:30:00Z",
"severity": "MODERATE"
},
"details": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.",
"id": "GHSA-55gw-qcg5-xjrx",
"modified": "2025-04-11T03:31:56Z",
"published": "2022-05-02T06:15:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0787"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=532940"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=558833"
},
{
"type": "WEB",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=6853"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55944"
},
{
"type": "WEB",
"url": "http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80"
},
{
"type": "WEB",
"url": "http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5"
},
{
"type": "WEB",
"url": "http://git.samba.org/?p=samba.git;a=commit;h=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80"
},
{
"type": "WEB",
"url": "http://git.samba.org/?p=samba.git;a=commit;h=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38286"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38308"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38357"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201206-29.xml"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:090"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37992"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/39898"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-893-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1062"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-55VH-8Q94-G3P9
Vulnerability from github – Published: 2022-12-21 21:30 – Updated: 2022-12-21 21:30A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972.
{
"affected": [],
"aliases": [
"CVE-2022-4563"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-16T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972.",
"id": "GHSA-55vh-8q94-g3p9",
"modified": "2022-12-21T21:30:16Z",
"published": "2022-12-21T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4563"
},
{
"type": "WEB",
"url": "https://github.com/freedomofpress/securedrop/pull/6704"
},
{
"type": "WEB",
"url": "https://github.com/freedomofpress/securedrop/commit/b0526a06f8ca713cce74b63e00d3730618d89691"
},
{
"type": "WEB",
"url": "https://github.com/freedomofpress/securedrop/compare/2.5.0...2.5.1"
},
{
"type": "WEB",
"url": "https://securedrop.org/news/2_5_1-security-advisory"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.215972"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.