Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1992 vulnerabilities reference this CWE, most recent first.

GHSA-GPH2-PH9G-MQFQ

Vulnerability from github – Published: 2022-05-01 07:32 – Updated: 2022-05-01 07:32
VLAI
Details

openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-5851"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-11-10T02:07:00Z",
    "severity": "LOW"
  },
  "details": "openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.",
  "id": "GHSA-gph2-ph9g-mqfq",
  "modified": "2022-05-01T07:32:23Z",
  "published": "2022-05-01T07:32:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5851"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/2737"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=116296717330758\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22742"
    },
    {
      "type": "WEB",
      "url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4404"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GPV2-XXVX-F68G

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2025-04-12 12:34
VLAI
Details

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3977"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-06-08T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.",
  "id": "GHSA-gpv2-xxvx-f68g",
  "modified": "2025-04-12T12:34:34Z",
  "published": "2022-05-13T01:06:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3977"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595"
    },
    {
      "type": "WEB",
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/33725"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60299"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60303"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60311"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60312"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60313"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60314"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030401"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQ3G-4FMC-4F5J

Vulnerability from github – Published: 2022-05-02 03:28 – Updated: 2022-05-02 03:28
VLAI
Details

Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1753"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-22T11:53:00Z",
    "severity": "LOW"
  },
  "details": "Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified \"result file.\"",
  "id": "GHSA-gq3g-4fmc-4f5j",
  "modified": "2022-05-02T03:28:14Z",
  "published": "2022-05-02T03:28:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1753"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00731.html"
    },
    {
      "type": "WEB",
      "url": "http://packages.debian.org/changelogs/pool/main/c/coccinelle/coccinelle_0.1.7.deb-3/changelog"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35012"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35459"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/06/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQ9C-43PH-F77C

Vulnerability from github – Published: 2022-05-02 03:52 – Updated: 2022-05-02 03:52
VLAI
Details

Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-4193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-03T19:30:00Z",
    "severity": "LOW"
  },
  "details": "Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.",
  "id": "GHSA-gq9c-43ph-f77c",
  "modified": "2022-05-02T03:52:40Z",
  "published": "2022-05-02T03:52:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4193"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53486"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00869.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00870.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548546"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/58389"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36897"
    },
    {
      "type": "WEB",
      "url": "http://trac.openstreetmap.org/ticket/2320"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36529"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQ9W-WR34-CG54

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-4966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-21T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.  IBM X-Force ID:  192423.",
  "id": "GHSA-gq9w-wr34-cg54",
  "modified": "2022-05-24T17:40:02Z",
  "published": "2022-05-24T17:40:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4966"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192423"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6403233"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQQQ-9PQW-6V5R

Vulnerability from github – Published: 2022-04-21 01:57 – Updated: 2024-02-28 01:09
VLAI
Details

The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-0398"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-30T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.",
  "id": "GHSA-gqqq-9pqw-6v5r",
  "modified": "2024-02-28T01:09:58Z",
  "published": "2022-04-21T01:57:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0398"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/autokey/+bug/538471"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2010-0398"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQQR-58QX-V9QR

Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18
VLAI
Details

tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau..##### or (2) /tmp/makefile.tau.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5157"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-18T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.",
  "id": "GHSA-gqqr-58qx-v9qr",
  "modified": "2022-05-17T02:18:02Z",
  "published": "2022-05-17T02:18:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5157"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46704"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506348"
    },
    {
      "type": "WEB",
      "url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32821"
    },
    {
      "type": "WEB",
      "url": "http://uvw.ru/report.sid.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32404"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQVF-8G7J-7GH5

Vulnerability from github – Published: 2024-02-21 09:31 – Updated: 2025-11-04 21:31
VLAI
Details

This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-21T07:15:50Z",
    "severity": "HIGH"
  },
  "details": "This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.",
  "id": "GHSA-gqvf-8g7j-7gh5",
  "modified": "2025-11-04T21:31:11Z",
  "published": "2024-02-21T09:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42942"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213981"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213982"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213984"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213985"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213987"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213988"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213982"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213984"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR75-JV2W-4656

Vulnerability from github – Published: 2026-06-16 15:03 – Updated: 2026-07-08 17:36
VLAI
Summary
LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
Details

Summary

Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or the resolved target of matched files, so glob patterns and symlinks can reach files outside the configured root; prompt- and chain/agent-configuration loaders that accept path fields and resolve them without confining the result to a trusted base or rejecting symlink targets; and path-prefix authorization checks that compare by string prefix without a path-segment boundary, so a sibling path sharing the prefix is accepted. When these components receive path values, search patterns, or workspace contents influenced by an untrusted source — including an LLM acting on untrusted input — the result can be disclosure of files outside the intended boundary. We have no evidence of this behavior being triggered in the wild.

Affected users / systems

You may be affected if you expose an agent with filesystem-search middleware over a directory and accept prompts or retrieved content influenced by untrusted sources; load prompt or chain/agent configuration from untrusted or shared sources; or rely on path-prefix restrictions to confine tool file access. Callers that confine these components to fully trusted inputs and first-party configuration are not affected.

Impact

  • Confidentiality: disclosure of file contents outside the intended root/sandbox.
  • Authorization: path-prefix bypass can grant access to sibling resources beyond the intended subtree.

Patches / mitigation

The affected components will canonicalize candidate paths (resolving symlinks) and verify the resolved real path remains within the configured root before reading or returning it; search patterns will be normalized so they cannot escape the root; configuration loaders will confine resolved path fields and reject symlink escapes unless the caller explicitly opts in to dangerous loading; and path-prefix checks will enforce a path-segment boundary. Path validation will be made operating-system-portable.

Compatibility

Callers that already pass only in-root paths, validated configuration, and trusted search inputs see no behavioral change. Callers that intentionally reference external paths can opt in via the existing dangerous-loading flag.

Operational guidance

Confine filesystem-backed agent tools to a dedicated directory and prefer running them sandboxed/containerized; validate path and identifier inputs where untrusted input enters; do not enable dangerous loading for configuration whose origin you do not control.

LangSmith / hosted deployments note

This issue concerns library components executed by agents.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.3.8"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "langchain"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.4.5"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "langchain-anthropic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T15:03:14Z",
    "nvd_published_at": "2026-06-22T19:17:21Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nSeveral LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the *resolved* path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or the resolved target of matched files, so glob patterns and symlinks can reach files outside the configured root; prompt- and chain/agent-configuration loaders that accept path fields and resolve them without confining the result to a trusted base or rejecting symlink targets; and path-prefix authorization checks that compare by string prefix without a path-segment boundary, so a sibling path sharing the prefix is accepted. When these components receive path values, search patterns, or workspace contents influenced by an untrusted source \u2014 including an LLM acting on untrusted input \u2014 the result can be disclosure of files outside the intended boundary. We have no evidence of this behavior being triggered in the wild.\n\n## Affected users / systems\n\nYou may be affected if you expose an agent with filesystem-search middleware over a directory and accept prompts or retrieved content influenced by untrusted sources; load prompt or chain/agent configuration from untrusted or shared sources; or rely on path-prefix restrictions to confine tool file access. Callers that confine these components to fully trusted inputs and first-party configuration are not affected.\n\n## Impact\n\n- Confidentiality: disclosure of file contents outside the intended root/sandbox.\n- Authorization: path-prefix bypass can grant access to sibling resources beyond the intended subtree.\n\n## Patches / mitigation\n\nThe affected components will canonicalize candidate paths (resolving symlinks) and verify the resolved real path remains within the configured root before reading or returning it; search patterns will be normalized so they cannot escape the root; configuration loaders will confine resolved path fields and reject symlink escapes unless the caller explicitly opts in to dangerous loading; and path-prefix checks will enforce a path-segment boundary. Path validation will be made operating-system-portable.\n\n## Compatibility\n\nCallers that already pass only in-root paths, validated configuration, and trusted search inputs see no behavioral change. Callers that intentionally reference external paths can opt in via the existing dangerous-loading flag.\n\n## Operational guidance\n\nConfine filesystem-backed agent tools to a dedicated directory and prefer running them sandboxed/containerized; validate path and identifier inputs where untrusted input enters; do not enable dangerous loading for configuration whose origin you do not control.\n\n## LangSmith / hosted deployments note\n\nThis issue concerns library components executed by agents.",
  "id": "GHSA-gr75-jv2w-4656",
  "modified": "2026-07-08T17:36:59Z",
  "published": "2026-06-16T15:03:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-gr75-jv2w-4656"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55443"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/commit/dcaf7795a3e6590af55c3ff7bda6add6355e9ea6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langchain-ai/langchain"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders"
}

GHSA-GRP6-P35V-PGFX

Vulnerability from github – Published: 2022-03-26 00:00 – Updated: 2022-04-05 00:01
VLAI
Details

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-25T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.",
  "id": "GHSA-grp6-p35v-pgfx",
  "modified": "2022-04-05T00:01:00Z",
  "published": "2022-03-26T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26659"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/windows/release-notes"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/docker-for-windows/release-notes"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hmsec/Advisories/blob/master/CVE-2022-26659.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.