Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1990 vulnerabilities reference this CWE, most recent first.

GHSA-HH9C-WJP6-58H4

Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18
VLAI
Details

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-17T23:30:00Z",
    "severity": "MODERATE"
  },
  "details": "rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run.  NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.",
  "id": "GHSA-hh9c-wjp6-58h4",
  "modified": "2022-05-17T02:18:59Z",
  "published": "2022-05-17T02:18:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4832"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46700"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-2857"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32710"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HHC7-JQ5J-875Q

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:04
VLAI
Details

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11502"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-24T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.",
  "id": "GHSA-hhc7-jq5j-875q",
  "modified": "2024-04-04T00:04:44Z",
  "published": "2022-05-24T16:44:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11502"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2019/04/18/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHJM-W4MX-FGWH

Vulnerability from github – Published: 2022-05-02 03:19 – Updated: 2022-05-02 03:19
VLAI
Details

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-0876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-12T15:20:00Z",
    "severity": "MODERATE"
  },
  "details": "Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.",
  "id": "GHSA-hhjm-w4mx-fgwh",
  "modified": "2022-05-02T03:19:02Z",
  "published": "2022-05-02T03:19:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0876"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=260331"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49193"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/52580"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34232"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/03/15/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/03/17/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34080"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021841"
    },
    {
      "type": "WEB",
      "url": "http://www.virtualbox.org/ticket/3444"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0674"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HHV8-FQHV-49R6

Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18
VLAI
Details

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-10T14:12:00Z",
    "severity": "MODERATE"
  },
  "details": "create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.",
  "id": "GHSA-hhv8-fqhv-49r6",
  "modified": "2022-05-17T02:18:26Z",
  "published": "2022-05-17T02:18:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5007"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=235828"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44824"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/496377"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/bollin/source/browse/lazarus/trunk/debian/patches/07_sh_using_tmp.dpatch?spec=svn3462\u0026r=3462"
    },
    {
      "type": "WEB",
      "url": "http://dev.gentoo.org/~rbu/security/debiantemp/lazarus-src"
    },
    {
      "type": "WEB",
      "url": "http://uvw.ru/report.lenny.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30917"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HJC9-48R3-J77H

Vulnerability from github – Published: 2022-05-17 02:18 – Updated: 2022-05-17 02:18
VLAI
Details

perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-06T15:55:00Z",
    "severity": "MODERATE"
  },
  "details": "perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file.",
  "id": "GHSA-hjc9-48r3-j77h",
  "modified": "2022-05-17T02:18:28Z",
  "published": "2022-05-17T02:18:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4981"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44882"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/496385"
    },
    {
      "type": "WEB",
      "url": "http://dev.gentoo.org/~rbu/security/debiantemp/realtimebattle-common"
    },
    {
      "type": "WEB",
      "url": "http://uvw.ru/report.lenny.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30967"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HJR9-62GJ-CHHF

Vulnerability from github – Published: 2026-04-23 21:31 – Updated: 2026-04-23 21:31
VLAI
Details

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-23T19:17:28Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.",
  "id": "GHSA-hjr9-62gj-chhf",
  "modified": "2026-04-23T21:31:23Z",
  "published": "2026-04-23T21:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33694"
    },
    {
      "type": "WEB",
      "url": "https://tenable.com/security/tns-2026-12"
    },
    {
      "type": "WEB",
      "url": "https://tenable.com/security/tns-2026-13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HMF4-4CCH-P9XH

Vulnerability from github – Published: 2022-05-17 05:52 – Updated: 2022-05-17 05:52
VLAI
Details

dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-05T15:00:00Z",
    "severity": "MODERATE"
  },
  "details": "dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.",
  "id": "GHSA-hmf4-4cch-p9xh",
  "modified": "2022-05-17T05:52:20Z",
  "published": "2022-05-17T05:52:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4947"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/496388"
    },
    {
      "type": "WEB",
      "url": "http://dev.gentoo.org/~rbu/security/debiantemp/dhis-server"
    },
    {
      "type": "WEB",
      "url": "http://uvw.ru/report.lenny.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30900"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HP47-JVH8-33RQ

Vulnerability from github – Published: 2022-05-01 18:09 – Updated: 2022-05-01 18:09
VLAI
Details

Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-2978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-01T01:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.",
  "id": "GHSA-hp47-jvh8-33rq",
  "modified": "2022-05-01T18:09:12Z",
  "published": "2022-05-01T18:09:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2978"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34549"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/36734"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25443"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2756"
    },
    {
      "type": "WEB",
      "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/469888/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HP49-99R6-WHJR

Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2024-04-03 23:05
VLAI
Details

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-2924"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-19T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.",
  "id": "GHSA-hp49-99r6-whjr",
  "modified": "2024-04-03T23:05:04Z",
  "published": "2022-04-22T00:24:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2924"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2011-2924"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1"
    },
    {
      "type": "WEB",
      "url": "https://lwn.net/Articles/459979"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-2924"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2014/02/08/5/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HP8W-X4CG-7866

Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2025-04-11 04:16
VLAI
Details

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-4214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-11-23T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.",
  "id": "GHSA-hp8w-x4cg-7866",
  "modified": "2025-04-11T04:16:18Z",
  "published": "2022-05-17T03:21:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4214"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2013:1526"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2013-4214"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958002"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.org/projects/nagios-core/history/4x"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/61747"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.