Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1990 vulnerabilities reference this CWE, most recent first.

GHSA-XPCC-F29M-W2XX

Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33
VLAI
Details

Windows Storage Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T18:15:20Z",
    "severity": "HIGH"
  },
  "details": "Windows Storage Elevation of Privilege Vulnerability",
  "id": "GHSA-xpcc-f29m-w2xx",
  "modified": "2024-10-08T18:33:16Z",
  "published": "2024-10-08T18:33:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43551"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43551"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XPHP-JRMH-9RJJ

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability",
  "id": "GHSA-xphp-jrmh-9rjj",
  "modified": "2022-05-24T17:44:21Z",
  "published": "2022-05-24T17:44:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26887"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQ25-M329-6GR4

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-5303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-10-05T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.",
  "id": "GHSA-xq25-m329-6gr4",
  "modified": "2022-05-13T01:27:36Z",
  "published": "2022-05-13T01:27:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5303"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/55905"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XQ2X-GX2H-74R3

Vulnerability from github – Published: 2022-05-17 05:52 – Updated: 2022-05-17 05:52
VLAI
Details

src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-22T15:30:00Z",
    "severity": "HIGH"
  },
  "details": "src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.",
  "id": "GHSA-xq2x-gx2h-74r3",
  "modified": "2022-05-17T05:52:36Z",
  "published": "2022-05-17T05:52:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5704"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2008/12/17/15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XQ6P-X243-2JPW

Vulnerability from github – Published: 2022-05-14 01:26 – Updated: 2022-05-14 01:26
VLAI
Details

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-1272"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-14T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.",
  "id": "GHSA-xq6p-x243-2jpw",
  "modified": "2022-05-14T01:26:48Z",
  "published": "2022-05-14T01:26:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1272"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6162"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6163"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XQ8G-H7MF-47QR

Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18
VLAI
Details

sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-18T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.",
  "id": "GHSA-xq8g-h7mf-47qr",
  "modified": "2022-05-17T02:18:02Z",
  "published": "2022-05-17T02:18:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5150"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46711"
    },
    {
      "type": "WEB",
      "url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
    },
    {
      "type": "WEB",
      "url": "http://uvw.ru/report.sid.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32403"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XQ95-4RWQ-MPPC

Vulnerability from github – Published: 2022-05-02 04:00 – Updated: 2025-04-11 03:48
VLAI
Details

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-5079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-30T15:55:00Z",
    "severity": "LOW"
  },
  "details": "The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.",
  "id": "GHSA-xq95-4rwq-mppc",
  "modified": "2025-04-11T03:48:10Z",
  "published": "2022-05-02T04:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5079"
    },
    {
      "type": "WEB",
      "url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
    },
    {
      "type": "WEB",
      "url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
    },
    {
      "type": "WEB",
      "url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2009/08/14/4"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2009/08/14/5"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XQH9-RP73-QQH5

Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2022-01-08 00:00
VLAI
Details

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include "config", "downloads", and "torrents", though it should be noted that "downloads" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-30T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include \"config\", \"downloads\", and \"torrents\", though it should be noted that \"downloads\" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.",
  "id": "GHSA-xqh9-rp73-qqh5",
  "modified": "2022-01-08T00:00:38Z",
  "published": "2021-12-31T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20153"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2021-54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XQHQ-M8MV-G9WP

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-11-16 12:00
VLAI
Details

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-12T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.",
  "id": "GHSA-xqhq-m8mv-g9wp",
  "modified": "2022-11-16T12:00:19Z",
  "published": "2022-05-24T17:20:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14004"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Icinga/icinga2/pull/8045/commits/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Icinga/icinga2/compare/v2.12.0-rc1...master"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Icinga/icinga2/releases"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/06/12/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQJH-G9RV-VG4C

Vulnerability from github – Published: 2026-02-10 00:30 – Updated: 2026-02-10 00:30
VLAI
Details

Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T00:16:05Z",
    "severity": "HIGH"
  },
  "details": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.",
  "id": "GHSA-xqjh-g9rv-vg4c",
  "modified": "2026-02-10T00:30:31Z",
  "published": "2026-02-10T00:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15310"
    },
    {
      "type": "WEB",
      "url": "https://security.tanium.com/TAN-2025-001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.