Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1992 vulnerabilities reference this CWE, most recent first.

GHSA-7J8W-V723-8CHG

Vulnerability from github – Published: 2023-04-01 00:30 – Updated: 2023-04-06 21:30
VLAI
Details

There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-31T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.",
  "id": "GHSA-7j8w-v723-8chg",
  "modified": "2023-04-06T21:30:20Z",
  "published": "2023-04-01T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47188"
    },
    {
      "type": "WEB",
      "url": "https://www.generex.de/support/changelogs/cs141/2-12"
    },
    {
      "type": "WEB",
      "url": "https://www.generex.de/support/changelogs/cs141/page:2"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7JCP-V9W4-WJMG

Vulnerability from github – Published: 2026-05-26 15:32 – Updated: 2026-06-30 18:04
VLAI
Summary
KubeVirt has a Link Following vulnerability
Details

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "kubevirt.io/kubevirt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.0-alpha.0"
            },
            {
              "fixed": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "kubevirt.io/kubevirt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0-alpha.0"
            },
            {
              "fixed": "1.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "kubevirt.io/kubevirt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-7374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T18:04:03Z",
    "nvd_published_at": "2026-05-26T14:16:40Z",
    "severity": "CRITICAL"
  },
  "details": "A flaw was found in KubeVirt\u0027s virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host\u0027s container runtime (CRI-O) socket, an attacker can hijack virt-handler\u0027s privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.",
  "id": "GHSA-7jcp-v9w4-wjmg",
  "modified": "2026-06-30T18:04:04Z",
  "published": "2026-05-26T15:32:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7374"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubevirt/kubevirt/pull/17916"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubevirt/kubevirt/commit/011eef8129e2c21e0ea496f283ee1676009bc757"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7374.json"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubevirt/kubevirt"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463728"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-7374"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20975"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20890"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20886"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20866"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20825"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20782"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20767"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20763"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20736"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "KubeVirt has a Link Following vulnerability"
}

GHSA-7JV3-HCRW-WVCQ

Vulnerability from github – Published: 2022-05-17 01:47 – Updated: 2022-05-17 01:47
VLAI
Details

src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-2093"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-18T22:55:00Z",
    "severity": "LOW"
  },
  "details": "src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.",
  "id": "GHSA-7jv3-hcrw-wvcq",
  "modified": "2022-05-17T01:47:00Z",
  "published": "2022-05-17T01:47:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2093"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869"
    },
    {
      "type": "WEB",
      "url": "https://trac.gajim.org/changeset/13759/src/common/latex.py"
    },
    {
      "type": "WEB",
      "url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48695"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48794"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/10/15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/10/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53017"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7M2V-R87H-VHC2

Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
VLAI
Details

Windows Authentication Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T17:15:35Z",
    "severity": "HIGH"
  },
  "details": "Windows Authentication Elevation of Privilege Vulnerability",
  "id": "GHSA-7m2v-r87h-vhc2",
  "modified": "2024-04-09T18:30:24Z",
  "published": "2024-04-09T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21447"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7M75-X27W-R52R

Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-04 17:50
VLAI
Summary
qdrant input validation failure
Details

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "qdrant-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-3829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-04T17:50:58Z",
    "nvd_published_at": "2024-06-03T10:15:14Z",
    "severity": "CRITICAL"
  },
  "details": "qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot\u0027s directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.",
  "id": "GHSA-7m75-x27w-r52r",
  "modified": "2024-06-04T17:50:58Z",
  "published": "2024-06-03T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3829"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/qdrant/qdrant-client"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "qdrant input validation failure "
}

GHSA-7MJV-X3JF-545X

Vulnerability from github – Published: 2023-03-21 22:32 – Updated: 2023-03-21 22:32
VLAI
Summary
cloudflared's Installer has Local Privilege Escalation Vulnerability
Details

Impact

A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory.

An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer's repair functionality to delete the target file during the repair process.

Exploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised.

The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.

Patches

A new installer was released as part of version 2023.3.1, corresponding to pseudoversion 0.0.0-20230313153246-f686da832f85 on pkg.go.dev. Users are encouraged to remove old installers from their systems.

References

Cloudflared Releases

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cloudflare/cloudflared"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20230313153246-f686da832f85"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-1314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-21T22:32:50Z",
    "nvd_published_at": "2023-03-21T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA vulnerability has been discovered in cloudflared\u0027s installer (\u003c= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory.\n\nAn attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer\u0027s repair functionality to delete the target file during the repair process.\n\nExploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised.\n\n**The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.**\n\n### Patches\nA new installer was released as part of version 2023.3.1, corresponding to pseudoversion 0.0.0-20230313153246-f686da832f85 on pkg.go.dev. Users are encouraged to remove old installers from their systems.\n\n### References\n[Cloudflared Releases](https://github.com/cloudflare/cloudflared/releases)",
  "id": "GHSA-7mjv-x3jf-545x",
  "modified": "2023-03-21T22:32:50Z",
  "published": "2023-03-21T22:32:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-7mjv-x3jf-545x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1314"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/cloudflared/commit/9c15f31d003bebfbe6467c2b42972df3e7c9b886"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/cloudflared"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/cloudflared/releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "cloudflared\u0027s Installer has Local Privilege Escalation Vulnerability"
}

GHSA-7P5C-G6M3-V67R

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Visual Studio Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:48Z",
    "severity": "HIGH"
  },
  "details": "Visual Studio Elevation of Privilege Vulnerability",
  "id": "GHSA-7p5c-g6m3-v67r",
  "modified": "2024-01-09T18:30:28Z",
  "published": "2024-01-09T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20656"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7P6M-P6R7-2F8P

Vulnerability from github – Published: 2022-04-30 18:12 – Updated: 2022-04-30 18:12
VLAI
Details

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-1999-1593"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-15T01:30:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server.  NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.",
  "id": "GHSA-7p6m-p6r7-2f8p",
  "modified": "2022-04-30T18:12:46Z",
  "published": "2022-04-30T18:12:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1593"
    },
    {
      "type": "WEB",
      "url": "https://www2.sans.org/reading_room/whitepapers/win2k/185.php"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2001/Jan/0264.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2001/Jan/0269.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2001/Jan/0271.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2001/Jan/0274.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2001/Jan/0276.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2001/Jan/0289.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2001/Jan/0298.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/2221"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7P6P-4577-FPHG

Vulnerability from github – Published: 2022-05-17 00:43 – Updated: 2022-05-17 00:43
VLAI
Details

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-22T15:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.",
  "id": "GHSA-7p6p-4577-fphg",
  "modified": "2022-05-17T00:43:23Z",
  "published": "2022-05-17T00:43:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5706"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/7183"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/506530"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2008/12/17/16"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4800"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32889"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7P8H-3XW2-W6JW

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2023-02-24 00:30
VLAI
Details

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-20T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.",
  "id": "GHSA-7p8h-3xw2-w6jw",
  "modified": "2023-02-24T00:30:16Z",
  "published": "2022-05-24T16:54:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1632"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.