CWE-61

Exploit likelihood: High

UNIX Symbolic Link (Symlink) Following

Parent: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

138 vulnerabilities with CWE-61
CVE-2023-20093 (MEDIUM, CVSS 4.4): Cisco TelePresence CE - Privilege Escalation
CVE-2023-20092 (MEDIUM, CVSS 4.4): Cisco TelePresence CE - Privilege Escalation
CVE-2023-20091 (MEDIUM, CVSS 5.1): Cisco TelePresence CE - Privilege Escalation
CVE-2023-41969 (HIGH, CVSS 7.3): Zscaler Client Connector < 4.3 - Arbitrary File Deletion via ZSATrayManager Temporary File Handling
CVE-2023-39246 (MEDIUM, CVSS 4.6): Dell Endpoint Security Suite Enterprise < 11.8.1 - Privilege Escalation via Windows Junction
CVE-2023-37460 (HIGH, CVSS 8.1): plexus-archiver < 4.8.0 - Arbitrary File Creation and Remote Code Execution via Symbolic Link Handling
CVE-2022-3592 (MEDIUM, CVSS 6.5): Samba 4.17.0-4.17.1 - Symbolic Link Following via SMB1 Unix Extensions or NFS
CVE-2022-31036 (MEDIUM, CVSS 4.3): Argo CD 1.3.0-2.1.15 - Sensitive File Exposure via Symlink Following
CVE-2022-24904 (MEDIUM, CVSS 4.3): Argo CD 0.7.0-2.1.14 - Authenticated Sensitive File Leak via Symlink Following
CVE-2021-4287 (MEDIUM, CVSS 5.0): ReFirm Labs binwalk < 2.3.2 - Symlink Following
CVE-2021-1612 (MEDIUM, CVSS 5.5): Cisco SD-WAN < 17.3.4 - Authenticated Arbitrary File Overwrite via Symbolic Link
CVE-2021-39135 (HIGH, CVSS 8.2): @npmcli/arborist < 2.8.2 - Arbitrary File Write via Symbolic Link Following
CVE-2021-39134 (HIGH, CVSS 8.2): @npmcli/arborist < 2.8.2 - Arbitrary File Write via Case-Insensitive Dependency Resolution
CVE-2021-32518 (HIGH, CVSS 7.5): QSAN Storage Manager < 3.3.3 - Arbitrary File Access via Symbolic Link in share_link
CVE-2021-32509 (MEDIUM, CVSS 6.5): QSAN Storage Manager < 3.3.3 - Authenticated Absolute Path Traversal via FileviewDoc URL Parameter
CVE-2021-32508 (MEDIUM, CVSS 6.5): QSAN Storage Manager < 3.3.3 - Authenticated Absolute Path Traversal via FileStreaming Symbolic Link
CVE-2021-25321 (HIGH, CVSS 7.8): SUSE Linux Enterprise Server < 11-SP4-LTSS - Privilege Escalation
CVE-2021-32557 (MEDIUM, CVSS 5.2): apport 2.14.1-0ubuntu3-2.14.1-0ubuntu3.29+esm7 - Arbitrary File Write via Symlink
CVE-2021-32555 (HIGH, CVSS 7.3): Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py
CVE-2021-32554 (HIGH, CVSS 7.3): Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py
CVE-2021-32553 (HIGH, CVSS 7.3): Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py read_file()
CVE-2021-32552 (HIGH, CVSS 7.3): Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py
CVE-2021-32551 (HIGH, CVSS 7.3): Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py
CVE-2021-32550 (HIGH, CVSS 7.3): Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py
CVE-2021-32549 (HIGH, CVSS 7.3): Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py read_file()