CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1990 vulnerabilities reference this CWE, most recent first.
CVE-2022-0029 (GCVE-0-2022-0029)
Vulnerability from cvelistv5 – Published: 2022-09-14 16:35 – Updated: 2025-06-04 15:08- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0029 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
7.7 , < 7.7.3
(custom)
Affected: 7.5 CE , < 7.5.101-CE (custom) Affected: 5.0 , < 5.0.12-hotfix update (custom) |
|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
7.8 all
Unaffected: 7.7.3 , < 7.7* (custom) Unaffected: 7.5.101-CE , < 7.5 CE* (custom) Unaffected: 5.0.12-hotfix update , < 5.0* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T15:08:25.783065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T15:08:32.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThan": "7.7.3",
"status": "affected",
"version": "7.7",
"versionType": "custom"
},
{
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5 CE",
"versionType": "custom"
},
{
"lessThan": "5.0.12-hotfix update",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.8 all"
},
{
"lessThan": "7.7*",
"status": "unaffected",
"version": "7.7.3",
"versionType": "custom"
},
{
"lessThan": "7.5 CE*",
"status": "unaffected",
"version": "7.5.101-CE",
"versionType": "custom"
},
{
"lessThan": "5.0*",
"status": "unaffected",
"version": "5.0.12-hotfix update",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
}
],
"datePublic": "2022-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T16:35:08.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
}
],
"source": {
"defect": [
"CPATR-16806"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-09-14T00:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-09-14T16:00:00.000Z",
"ID": "CVE-2022-0029",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.7",
"version_value": "7.7.3"
},
{
"version_affected": "!\u003e=",
"version_name": "7.7",
"version_value": "7.7.3"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.5 CE",
"version_value": "7.5.101-CE"
},
{
"version_affected": "!\u003e=",
"version_name": "7.5 CE",
"version_value": "7.5.101-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.12-hotfix update"
},
{
"version_affected": "!",
"version_name": "7.8",
"version_value": "all"
},
{
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.12-hotfix update"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0029",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
}
],
"source": {
"defect": [
"CPATR-16806"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-09-14T00:00:00.000Z",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 7.7",
"Cortex XDR Agent 7.5 CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0029",
"datePublished": "2022-09-14T16:35:08.910Z",
"dateReserved": "2021-12-28T00:00:00.000Z",
"dateUpdated": "2025-06-04T15:08:32.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0017 (GCVE-0-2022-0017)
Vulnerability from cvelistv5 – Published: 2022-02-10 18:10 – Updated: 2024-09-16 17:58- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0017 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.2 , < 5.2.5
(custom)
Affected: 5.1 , < 5.1.10 (custom) |
|
| Palo Alto Networks | GlobalProtect App |
Unaffected:
5.3.*
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.2.5",
"status": "unaffected"
}
],
"lessThan": "5.2.5",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.10",
"status": "unaffected"
}
],
"lessThan": "5.1.10",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "5.3.*"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering and reporting this issue."
}
],
"datePublic": "2022-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper link resolution before file access (\u0027link following\u0027) vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:10:18.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0017"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Windows, GlobalProtect app 5.2.5 on Windows and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10982"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00.000Z",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
"ID": "CVE-2022-0017",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.5"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.2",
"version_value": "5.2.5"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.10"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.10"
},
{
"version_affected": "!",
"version_name": "5.3",
"version_value": "5.3.*"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper link resolution before file access (\u0027link following\u0027) vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0017",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0017"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Windows, GlobalProtect app 5.2.5 on Windows and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10982"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": true,
"x_affectedList": [
"GlobalProtect App 5.2.4",
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2",
"GlobalProtect App 5.1.9",
"GlobalProtect App 5.1.8",
"GlobalProtect App 5.1.7",
"GlobalProtect App 5.1.6",
"GlobalProtect App 5.1.5",
"GlobalProtect App 5.1.4",
"GlobalProtect App 5.1.3",
"GlobalProtect App 5.1.1",
"GlobalProtect App 5.1.0",
"GlobalProtect App 5.1"
],
"x_likelyAffectedList": [
"GlobalProtect App 5.0.10",
"GlobalProtect App 5.0.9",
"GlobalProtect App 5.0.8",
"GlobalProtect App 5.0.7",
"GlobalProtect App 5.0.6",
"GlobalProtect App 5.0.5",
"GlobalProtect App 5.0.4",
"GlobalProtect App 5.0.3",
"GlobalProtect App 5.0.2",
"GlobalProtect App 5.0.1",
"GlobalProtect App 5.0.0",
"GlobalProtect App 5.0",
"GlobalProtect App 4.1.13",
"GlobalProtect App 4.1.12",
"GlobalProtect App 4.1.11",
"GlobalProtect App 4.1.10",
"GlobalProtect App 4.1.9",
"GlobalProtect App 4.1.8",
"GlobalProtect App 4.1.7",
"GlobalProtect App 4.1.6",
"GlobalProtect App 4.1.5",
"GlobalProtect App 4.1.4",
"GlobalProtect App 4.1.3",
"GlobalProtect App 4.1.2",
"GlobalProtect App 4.1.1",
"GlobalProtect App 4.1.0",
"GlobalProtect App 4.1",
"GlobalProtect App 4.0.8",
"GlobalProtect App 4.0.7",
"GlobalProtect App 4.0.6",
"GlobalProtect App 4.0.5",
"GlobalProtect App 4.0.4",
"GlobalProtect App 4.0.3",
"GlobalProtect App 4.0.2",
"GlobalProtect App 4.0.0",
"GlobalProtect App 4.0",
"GlobalProtect App 3.1.6",
"GlobalProtect App 3.1.5",
"GlobalProtect App 3.1.4",
"GlobalProtect App 3.1.3",
"GlobalProtect App 3.1.1",
"GlobalProtect App 3.1.0",
"GlobalProtect App 3.1",
"GlobalProtect App 3.0.3",
"GlobalProtect App 3.0.2",
"GlobalProtect App 3.0.1",
"GlobalProtect App 3.0.0",
"GlobalProtect App 3.0",
"GlobalProtect App 2.3.5",
"GlobalProtect App 2.3.4",
"GlobalProtect App 2.3.3",
"GlobalProtect App 2.3.2",
"GlobalProtect App 2.3.1",
"GlobalProtect App 2.3.0",
"GlobalProtect App 2.3",
"GlobalProtect App 2.2.2",
"GlobalProtect App 2.2.1",
"GlobalProtect App 2.2.0",
"GlobalProtect App 2.2",
"GlobalProtect App 2.1.4",
"GlobalProtect App 2.1.3",
"GlobalProtect App 2.1.2",
"GlobalProtect App 2.1.1",
"GlobalProtect App 2.1.0",
"GlobalProtect App 2.1",
"GlobalProtect App 2.0.5",
"GlobalProtect App 2.0.4",
"GlobalProtect App 2.0.3",
"GlobalProtect App 2.0.2",
"GlobalProtect App 2.0.1",
"GlobalProtect App 2.0.0",
"GlobalProtect App 2.0",
"GlobalProtect App 1.2.11",
"GlobalProtect App 1.2.10",
"GlobalProtect App 1.2.9",
"GlobalProtect App 1.2.8",
"GlobalProtect App 1.2.7",
"GlobalProtect App 1.2.6",
"GlobalProtect App 1.2.5",
"GlobalProtect App 1.2.4",
"GlobalProtect App 1.2.3",
"GlobalProtect App 1.2.2",
"GlobalProtect App 1.2.1",
"GlobalProtect App 1.2.0",
"GlobalProtect App 1.2",
"GlobalProtect App 1.1.8",
"GlobalProtect App 1.1.7",
"GlobalProtect App 1.1.6",
"GlobalProtect App 1.1.5",
"GlobalProtect App 1.1.4",
"GlobalProtect App 1.1.3",
"GlobalProtect App 1.1.2",
"GlobalProtect App 1.1.1",
"GlobalProtect App 1.1.0",
"GlobalProtect App 1.1",
"GlobalProtect App 1.0.8",
"GlobalProtect App 1.0.7",
"GlobalProtect App 1.0.5",
"GlobalProtect App 1.0.3",
"GlobalProtect App 1.0.1",
"GlobalProtect App 1.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0017",
"datePublished": "2022-02-10T18:10:18.618Z",
"dateReserved": "2021-12-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:58:01.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0012 (GCVE-0-2022-0012)
Vulnerability from cvelistv5 – Published: 2022-01-12 17:30 – Updated: 2024-09-17 01:55- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0012 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
7.4.*
Unaffected: 7.5.* Unaffected: 7.6.* Affected: 5.0 , < 5.0.12 (custom) Affected: 7.2 , < 7.2.4 (custom) Affected: 7.3 , < 7.3.2 (custom) Affected: 6.1 , < 6.1.9 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.4.*"
},
{
"status": "unaffected",
"version": "7.5.*"
},
{
"status": "unaffected",
"version": "7.6.*"
},
{
"changes": [
{
"at": "5.0.12",
"status": "unaffected"
}
],
"lessThan": "5.0.12",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.2.4",
"status": "unaffected"
}
],
"lessThan": "7.2.4",
"status": "affected",
"version": "7.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.3.2",
"status": "unaffected"
}
],
"lessThan": "7.3.2",
"status": "affected",
"version": "7.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.1.9",
"status": "unaffected"
}
],
"lessThan": "6.1.9",
"status": "affected",
"version": "6.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Chris Au for discovering and reporting this issue."
}
],
"datePublic": "2022-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T17:30:15.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0012"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-13408"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-01-12T00:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "There is no known workaround available for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-0012",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.12"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.12"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.2",
"version_value": "7.2.4"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.2",
"version_value": "7.2.4"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.3",
"version_value": "7.3.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.3",
"version_value": "7.3.2"
},
{
"platform": "Windows",
"version_affected": "!",
"version_name": "7.4",
"version_value": "7.4.*"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "6.1",
"version_value": "6.1.9"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "6.1",
"version_value": "6.1.9"
},
{
"platform": "Windows",
"version_affected": "!",
"version_name": "7.5",
"version_value": "7.5.*"
},
{
"platform": "Windows",
"version_affected": "!",
"version_name": "7.6",
"version_value": "7.6.*"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Chris Au for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0012",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0012"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-13408"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-01-12T00:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There is no known workaround available for this issue."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 7.3",
"Cortex XDR Agent 7.2",
"Cortex XDR Agent 7.1",
"Cortex XDR Agent 7.0",
"Cortex XDR Agent 6.1",
"Cortex XDR Agent 5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0012",
"datePublished": "2022-01-12T17:30:15.528Z",
"dateReserved": "2021-12-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:55:48.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47949 (GCVE-0-2021-47949)
Vulnerability from cvelistv5 – Published: 2026-05-10 12:52 – Updated: 2026-05-11 12:51- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50230 | exploit |
| https://cyberpanel.net/ | product |
| https://github.com/usmannasir/cyberpanel | product |
| https://www.vulncheck.com/advisories/cyberpanel-a… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Cyberpanel | CyberPanel |
Affected:
<= 2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47949",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T12:50:59.565034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T12:51:17.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CyberPanel",
"vendor": "Cyberpanel",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Numan T\u00fcrle"
}
],
"datePublic": "2021-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T12:52:10.631Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50230",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50230"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://cyberpanel.net/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://github.com/usmannasir/cyberpanel"
},
{
"name": "VulnCheck Advisory: CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cyberpanel-authenticated-remote-code-execution-via-symlink-attack"
}
],
"title": "CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47949",
"datePublished": "2026-05-10T12:52:10.631Z",
"dateReserved": "2026-02-01T11:24:18.719Z",
"dateUpdated": "2026-05-11T12:51:17.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-44730 (GCVE-0-2021-44730)
Vulnerability from cvelistv5 – Published: 2022-02-17 22:15 – Updated: 2024-08-04 04:32- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://ubuntu.com/security/notices/USN-5292-1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/02/18/2 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2022/dsa-5080 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2022/02/23/1 | mailing-listx_refsource_MLIST |
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | snapd |
Affected:
unspecified , ≤ 2.54.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:12.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.54.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Qualys Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-23T12:06:05.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "snapd could be made to escalate privileges and run programs as administrator",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2021-44730",
"STATE": "PUBLIC",
"TITLE": "snapd could be made to escalate privileges and run programs as administrator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snapd",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.54.2"
}
]
}
}
]
},
"vendor_name": "Canonical Ltd."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Qualys Research Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/security/notices/USN-5292-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5292-1"
},
{
"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
},
{
"name": "FEDORA-2022-82bea71e5a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
},
{
"name": "FEDORA-2022-5df8b52ba4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
},
{
"name": "DSA-5080",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5080"
},
{
"name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-44730",
"datePublished": "2022-02-17T22:15:18.000Z",
"dateReserved": "2021-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:12.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44052 (GCVE-0-2021-44052)
Vulnerability from cvelistv5 – Published: 2022-05-05 16:50 – Updated: 2024-09-16 22:56| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-16 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | QuTScloud |
Affected:
unspecified , < c5.0.1.1998
(custom)
|
|
| QNAP Systems Inc. | QuTS hero |
Affected:
unspecified , < h4.5.4.1971 build 20220310
(custom)
Affected: unspecified , < h5.0.0.1986 build 20220324 (custom) |
|
| QNAP Systems Inc. | QTS |
Affected:
unspecified , < 4.3.4.1976 build 20220303
(custom)
Affected: unspecified , < 4.3.3.1945 build 20220303 (custom) Affected: unspecified , < 4.2.6 build 20220304 (custom) Affected: unspecified , < 4.3.6.1965 build 20220302 (custom) Affected: unspecified , < 5.0.0.1986 build 20220324 (custom) Affected: unspecified , < 4.5.4.1991 build 20220329 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QuTScloud",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "c5.0.1.1998",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h4.5.4.1971 build 20220310",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "h5.0.0.1986 build 20220324",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "4.3.4.1976 build 20220303",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.3.1945 build 20220303",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.2.6 build 20220304",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.3.6.1965 build 20220302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "5.0.0.1986 build 20220324",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.5.4.1991 build 20220329",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Enio Pena Navarro and Michael Messner from Siemens Energy AG"
}
],
"datePublic": "2022-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper link resolution before file access (\u0027Link Following\u0027) vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T16:50:21.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
}
],
"solutions": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS:\nQuTScloud c5.0.1.1998 and later\nQuTS hero h4.5.4.1971 build 20220310 and later\nQuTS hero h5.0.0.1986 build 20220324 and later\nQTS 4.3.4.1976 build 20220303 and later\nQTS 4.3.3.1945 build 20220303 and later\nQTS 4.2.6 build 20220304 and later\nQTS 4.3.6.1965 build 20220302 and later\nQTS 5.0.0.1986 build 20220324 and later\nQTS 4.5.4.1991 build 20220329 and later"
}
],
"source": {
"advisory": "QSA-22-16",
"discovery": "EXTERNAL"
},
"title": "Arbitrary file read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-05-06T00:00:00.000Z",
"ID": "CVE-2021-44052",
"STATE": "PUBLIC",
"TITLE": "Arbitrary file read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QuTScloud",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "c5.0.1.1998"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "h4.5.4.1971 build 20220310"
},
{
"version_affected": "\u003c",
"version_value": "h5.0.0.1986 build 20220324"
}
]
}
},
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.4.1976 build 20220303"
},
{
"version_affected": "\u003c",
"version_value": "4.3.3.1945 build 20220303"
},
{
"version_affected": "\u003c",
"version_value": "4.2.6 build 20220304"
},
{
"version_affected": "\u003c",
"version_value": "4.3.6.1965 build 20220302"
},
{
"version_affected": "\u003c",
"version_value": "5.0.0.1986 build 20220324"
},
{
"version_affected": "\u003c",
"version_value": "4.5.4.1991 build 20220329"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Enio Pena Navarro and Michael Messner from Siemens Energy AG"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper link resolution before file access (\u0027Link Following\u0027) vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-16",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-16"
}
]
},
"solution": [
{
"lang": "en",
"value": "We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS:\nQuTScloud c5.0.1.1998 and later\nQuTS hero h4.5.4.1971 build 20220310 and later\nQuTS hero h5.0.0.1986 build 20220324 and later\nQTS 4.3.4.1976 build 20220303 and later\nQTS 4.3.3.1945 build 20220303 and later\nQTS 4.2.6 build 20220304 and later\nQTS 4.3.6.1965 build 20220302 and later\nQTS 5.0.0.1986 build 20220324 and later\nQTS 4.5.4.1991 build 20220329 and later"
}
],
"source": {
"advisory": "QSA-22-16",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-44052",
"datePublished": "2022-05-05T16:50:22.030Z",
"dateReserved": "2021-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:56:12.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37712 (GCVE-0-2021-37712)
Vulnerability from cvelistv5 – Published: 2021-08-31 00:00 – Updated: 2024-08-04 01:23{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.npmjs.com/package/tar"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5008",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5008"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "[debian-lts-announce] 20221212 [SECURITY] [DLA 3237-1] node-tar security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-tar",
"vendor": "npm",
"versions": [
{
"status": "affected",
"version": "\u003c 4.4.18"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.10"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The npm package \"tar\" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 \"short path\" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://www.npmjs.com/package/tar"
},
{
"url": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5008",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5008"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "[debian-lts-announce] 20221212 [SECURITY] [DLA 3237-1] node-tar security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html"
}
],
"source": {
"advisory": "GHSA-qq89-hq3f-393p",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-37712",
"datePublished": "2021-08-31T00:00:00.000Z",
"dateReserved": "2021-07-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:23:01.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37701 (GCVE-0-2021-37701)
Vulnerability from cvelistv5 – Published: 2021-08-31 00:00 – Updated: 2024-08-04 01:23{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.npmjs.com/package/tar"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5008",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5008"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "[debian-lts-announce] 20221212 [SECURITY] [DLA 3237-1] node-tar security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-tar",
"vendor": "npm",
"versions": [
{
"status": "affected",
"version": "\u003c 4.4.16"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.8"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The npm package \"tar\" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\\` and `/` characters as path separators, however `\\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://www.npmjs.com/package/tar"
},
{
"url": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5008",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5008"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "[debian-lts-announce] 20221212 [SECURITY] [DLA 3237-1] node-tar security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html"
}
],
"source": {
"advisory": "GHSA-9r2w-394v-53qc",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-37701",
"datePublished": "2021-08-31T00:00:00.000Z",
"dateReserved": "2021-07-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:23:01.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35939 (GCVE-0-2021-35939)
Vulnerability from cvelistv5 – Published: 2022-08-26 00:00 – Updated: 2024-08-04 00:40- CWE-59 - - Improper Link Resolution Before File Access ('Link Following')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-35939"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RPM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in RPM-v4.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
},
{
"url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-35939"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-35939",
"datePublished": "2022-08-26T00:00:00.000Z",
"dateReserved": "2021-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:40:47.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35938 (GCVE-0-2021-35938)
Vulnerability from cvelistv5 – Published: 2022-08-25 00:00 – Updated: 2024-08-04 00:40- CWE-59 - - Improper Link Resolution Before File Access ('Link Following')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-35938"
},
{
"tags": [
"x_transferred"
],
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RPM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in rpm v4.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-35938"
},
{
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-35938",
"datePublished": "2022-08-25T00:00:00.000Z",
"dateReserved": "2021-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:40:47.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.