CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1990 vulnerabilities reference this CWE, most recent first.
GHSA-XPCC-F29M-W2XX
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33Windows Storage Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43551"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T18:15:20Z",
"severity": "HIGH"
},
"details": "Windows Storage Elevation of Privilege Vulnerability",
"id": "GHSA-xpcc-f29m-w2xx",
"modified": "2024-10-08T18:33:16Z",
"published": "2024-10-08T18:33:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43551"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43551"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XPHP-JRMH-9RJJ
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-26887"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T16:15:00Z",
"severity": "HIGH"
},
"details": "Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability",
"id": "GHSA-xphp-jrmh-9rjj",
"modified": "2022-05-24T17:44:21Z",
"published": "2022-05-24T17:44:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26887"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XQ25-M329-6GR4
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.
{
"affected": [],
"aliases": [
"CVE-2012-5303"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-10-05T21:55:00Z",
"severity": "MODERATE"
},
"details": "Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.",
"id": "GHSA-xq25-m329-6gr4",
"modified": "2022-05-13T01:27:36Z",
"published": "2022-05-13T01:27:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5303"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/55905"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XQ2X-GX2H-74R3
Vulnerability from github – Published: 2022-05-17 05:52 – Updated: 2022-05-17 05:52src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.
{
"affected": [],
"aliases": [
"CVE-2008-5704"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-12-22T15:30:00Z",
"severity": "HIGH"
},
"details": "src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.",
"id": "GHSA-xq2x-gx2h-74r3",
"modified": "2022-05-17T05:52:36Z",
"published": "2022-05-17T05:52:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5704"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2008/12/17/15"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XQ6P-X243-2JPW
Vulnerability from github – Published: 2022-05-14 01:26 – Updated: 2022-05-14 01:26CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
{
"affected": [],
"aliases": [
"CVE-2014-1272"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-03-14T10:55:00Z",
"severity": "MODERATE"
},
"details": "CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.",
"id": "GHSA-xq6p-x243-2jpw",
"modified": "2022-05-14T01:26:48Z",
"published": "2022-05-14T01:26:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1272"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6162"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6163"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XQ8G-H7MF-47QR
Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.
{
"affected": [],
"aliases": [
"CVE-2008-5150"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-18T16:00:00Z",
"severity": "MODERATE"
},
"details": "sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.",
"id": "GHSA-xq8g-h7mf-47qr",
"modified": "2022-05-17T02:18:02Z",
"published": "2022-05-17T02:18:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5150"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46711"
},
{
"type": "WEB",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"type": "WEB",
"url": "http://uvw.ru/report.sid.txt"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32403"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XQ95-4RWQ-MPPC
Vulnerability from github – Published: 2022-05-02 04:00 – Updated: 2025-04-11 03:48The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
{
"affected": [],
"aliases": [
"CVE-2009-5079"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-06-30T15:55:00Z",
"severity": "LOW"
},
"details": "The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.",
"id": "GHSA-xq95-4rwq-mppc",
"modified": "2025-04-11T03:48:10Z",
"published": "2022-05-02T04:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5079"
},
{
"type": "WEB",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"type": "WEB",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"type": "WEB",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XQH9-RP73-QQH5
Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2022-01-08 00:00Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include "config", "downloads", and "torrents", though it should be noted that "downloads" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.
{
"affected": [],
"aliases": [
"CVE-2021-20153"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-30T22:15:00Z",
"severity": "MODERATE"
},
"details": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include \"config\", \"downloads\", and \"torrents\", though it should be noted that \"downloads\" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.",
"id": "GHSA-xqh9-rp73-qqh5",
"modified": "2022-01-08T00:00:38Z",
"published": "2021-12-31T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20153"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2021-54"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XQHQ-M8MV-G9WP
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-11-16 12:00An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.
{
"affected": [],
"aliases": [
"CVE-2020-14004"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-12T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.",
"id": "GHSA-xqhq-m8mv-g9wp",
"modified": "2022-11-16T12:00:19Z",
"published": "2022-05-24T17:20:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14004"
},
{
"type": "WEB",
"url": "https://github.com/Icinga/icinga2/pull/8045/commits/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004"
},
{
"type": "WEB",
"url": "https://github.com/Icinga/icinga2/compare/v2.12.0-rc1...master"
},
{
"type": "WEB",
"url": "https://github.com/Icinga/icinga2/releases"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/06/12/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XQJH-G9RV-VG4C
Vulnerability from github – Published: 2026-02-10 00:30 – Updated: 2026-02-10 00:30Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
{
"affected": [],
"aliases": [
"CVE-2025-15310"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T00:16:05Z",
"severity": "HIGH"
},
"details": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.",
"id": "GHSA-xqjh-g9rv-vg4c",
"modified": "2026-02-10T00:30:31Z",
"published": "2026-02-10T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15310"
},
{
"type": "WEB",
"url": "https://security.tanium.com/TAN-2025-001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.