Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1987 vulnerabilities reference this CWE, most recent first.

GHSA-RH5F-2W6R-Q7VJ

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2023-08-25 21:29
VLAI
Summary
Podman Path Traversal Vulnerability leads to arbitrary file read/write
Details

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-14T22:12:52Z",
    "nvd_published_at": "2019-07-30T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.",
  "id": "GHSA-rh5f-2w6r-q7vj",
  "modified": "2023-08-25T21:29:12Z",
  "published": "2022-05-24T16:51:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10152"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/libpod/issues/3211"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/libpod/pull/3214"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containers/libpod"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Podman Path Traversal Vulnerability leads to arbitrary file read/write"
}

GHSA-RH6X-QVG7-RRMJ

Vulnerability from github – Published: 2018-10-10 17:23 – Updated: 2024-09-04 18:55
VLAI
Summary
Link Following in ansible
Details

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.1.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0.0"
            },
            {
              "fixed": "2.0.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.9.6.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-3096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:54:53Z",
    "nvd_published_at": "2016-06-03T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "The `create_script` function in the `lxc_container` module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) `/opt/.lxc-attach-script`, (2) the archived container in the `archive_path` directory, or the (3) `lxc-attach-script.log` or (4) `lxc-attach-script.err` files in the temporary directory.",
  "id": "GHSA-rh6x-qvg7-rrmj",
  "modified": "2024-09-04T18:55:10Z",
  "published": "2018-10-10T17:23:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3096"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible-modules-extras/pull/1941"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-rh6x-qvg7-rrmj"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ansible/ansible"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201607-14"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Link Following in ansible"
}

GHSA-RH99-WC69-C255

Vulnerability from github – Published: 2026-04-30 20:57 – Updated: 2026-04-30 20:57
VLAI
Summary
Contras Affected by CopyFile Policy Subversion via Symlinks
Details

Impact

The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series of CopyFile requests to overwrite security-critical files or trick the workload into disclosing sensitive data, which effectively amounts to a full guest takeover.

Patches

This issue has been patched in Contrast v1.19.1.

Note that this fix does not change the fact that host-provided content is generally not trustworthy, as documented.

Workarounds

If upgrading is not possible, users can implement the fix in rego and pass it to contrast generate --policy. The rego-only fix is a bit trickier than the patch, because the data to check is binary. See the references for details.

Resources

  • Upstream GHSA: https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc
  • Alternative policy-only fix: https://gist.github.com/burgerdev/304dd0ab0fff1665b7c27e18a30cf96e
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/edgelesssys/contrast"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.19.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-30T20:57:17Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe [Kata agent policies](https://docs.edgeless.systems/contrast/architecture/components/policies) generated by the Contrast CLI had an issue in the `CopyFile` verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series of `CopyFile` requests to overwrite security-critical files or trick the workload into disclosing sensitive data, which effectively amounts to a full guest takeover.\n\n### Patches\n\nThis issue has been patched in Contrast v1.19.1.\n\nNote that this fix does not change the fact that host-provided content is generally not trustworthy, as documented.\n\n### Workarounds\n\nIf upgrading is not possible, users can implement the fix in rego and pass it to `contrast generate --policy`. The rego-only fix is a bit trickier than the patch, because the data to check is binary. See the references for details.\n\n### Resources\n\n* Upstream GHSA: https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc\n* Alternative policy-only fix: https://gist.github.com/burgerdev/304dd0ab0fff1665b7c27e18a30cf96e",
  "id": "GHSA-rh99-wc69-c255",
  "modified": "2026-04-30T20:57:17Z",
  "published": "2026-04-30T20:57:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/contrast/security/advisories/GHSA-rh99-wc69-c255"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/burgerdev/304dd0ab0fff1665b7c27e18a30cf96e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/edgelesssys/contrast"
    },
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/contrast/releases/tag/v1.19.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Contras Affected by CopyFile Policy Subversion via Symlinks"
}

GHSA-RHM2-XQ3F-F6VJ

Vulnerability from github – Published: 2022-05-02 00:10 – Updated: 2022-05-02 00:10
VLAI
Details

The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-03T22:22:00Z",
    "severity": "HIGH"
  },
  "details": "The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.",
  "id": "GHSA-rhm2-xq3f-f6vj",
  "modified": "2022-05-02T00:10:08Z",
  "published": "2022-05-02T00:10:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4440"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397"
    },
    {
      "type": "WEB",
      "url": "http://dev.gentoo.org/~rbu/security/debiantemp/feta"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32155"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1643"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30899"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RJ6W-J3QM-R3RG

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:52Z",
    "severity": "HIGH"
  },
  "details": "G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694.",
  "id": "GHSA-rj6w-j3qm-r3rg",
  "modified": "2024-05-03T03:31:04Z",
  "published": "2024-05-03T03:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42126"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1493"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJJX-559W-3H9W

Vulnerability from github – Published: 2023-04-04 12:30 – Updated: 2023-04-11 18:30
VLAI
Details

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-04T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.",
  "id": "GHSA-rjjx-559w-3h9w",
  "modified": "2023-04-11T18:30:30Z",
  "published": "2023-04-04T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25940"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RM6C-XGJF-VHWG

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:38
VLAI
Details

Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8108"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-08T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.",
  "id": "GHSA-rm6c-xgjf-vhwg",
  "modified": "2025-04-20T03:38:42Z",
  "published": "2022-05-13T01:47:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8108"
    },
    {
      "type": "WEB",
      "url": "https://cisofy.com/security/cve/cve-2017-8108"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CISOfy/lynis/releases/tag/2.5.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJXMPYANXHI25NQZ36QMXNXANDRAA5YG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJHLLWNW7NASVXCK24YBSIUQQPWGCMB5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJXMPYANXHI25NQZ36QMXNXANDRAA5YG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJHLLWNW7NASVXCK24YBSIUQQPWGCMB5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99288"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMVC-X4JP-8Q6J

Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31
VLAI
Details

Windows Setup Files Cleanup Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21419"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T18:15:40Z",
    "severity": "HIGH"
  },
  "details": "Windows Setup Files Cleanup Elevation of Privilege Vulnerability",
  "id": "GHSA-rmvc-x4jp-8q6j",
  "modified": "2025-02-11T18:31:40Z",
  "published": "2025-02-11T18:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21419"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21419"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMW3-4V45-RJ33

Vulnerability from github – Published: 2022-05-17 00:01 – Updated: 2022-05-26 00:01
VLAI
Details

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.",
  "id": "GHSA-rmw3-4v45-rj33",
  "modified": "2022-05-26T00:01:26Z",
  "published": "2022-05-17T00:01:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30523"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-09071"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-759"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RP64-JC8M-27WC

Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30
VLAI
Details

A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T19:15:18Z",
    "severity": "HIGH"
  },
  "details": "A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.",
  "id": "GHSA-rp64-jc8m-27wc",
  "modified": "2024-11-12T21:30:54Z",
  "published": "2024-11-12T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51721"
    },
    {
      "type": "WEB",
      "url": "https://support.blackberry.com/pkb/s/article/140220"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.