CWE-61
AllowedUNIX Symbolic Link (Symlink) Following
Abstraction: Compound · Status: Incomplete
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
270 vulnerabilities reference this CWE, most recent first.
CVE-2024-34014 (GCVE-0-2024-34014)
Vulnerability from cvelistv5 – Published: 2024-11-11 13:20 – Updated: 2025-02-27 22:59| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.8.3.818
(semver)
|
|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.9.1.892
(semver)
|
|
| Acronis | Acronis Backup extension for Plesk |
Affected:
unspecified , < 1.8.6.599
(semver)
|
|
| Acronis | Acronis Backup plugin for DirectAdmin |
Affected:
unspecified , < 1.2.2.181
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T15:57:56.705448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T15:58:19.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.3.818",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.9.1.892",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.6.599",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.2.2.181",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milos Colakovic (mailto:mcolakovic@godaddy.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Nikola Nikolic (mailto:nnikolic@godaddy.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T22:59:35.050Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7592",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7592"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34014",
"datePublished": "2024-11-11T13:20:33.777Z",
"dateReserved": "2024-04-29T15:33:32.845Z",
"dateUpdated": "2025-02-27T22:59:35.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28189 (GCVE-0-2024-28189)
Vulnerability from cvelistv5 – Published: 2024-04-18 14:40 – Updated: 2024-08-02 00:48| URL | Tags |
|---|---|
| https://github.com/judge0/judge0/security/advisor… | x_refsource_CONFIRM |
| https://github.com/judge0/judge0/security/advisor… | x_refsource_MISC |
| https://github.com/judge0/judge0/commit/f3b8547b3… | x_refsource_MISC |
| https://github.com/judge0/judge0/blob/v1.13.0/app… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:judge0:judge0:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "judge0",
"vendor": "judge0",
"versions": [
{
"lessThanOrEqual": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28189",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T19:38:56.803559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T19:40:09.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg"
},
{
"name": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf"
},
{
"name": "https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd"
},
{
"name": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "judge0",
"vendor": "judge0",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it\u0027s own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T14:40:29.320Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg"
},
{
"name": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf"
},
{
"name": "https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd"
},
{
"name": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232"
}
],
"source": {
"advisory": "GHSA-3xpw-36v7-2cmg",
"discovery": "UNKNOWN"
},
"title": "Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28189",
"datePublished": "2024-04-18T14:40:29.320Z",
"dateReserved": "2024-03-06T17:35:00.859Z",
"dateUpdated": "2024-08-02T00:48:49.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28185 (GCVE-0-2024-28185)
Vulnerability from cvelistv5 – Published: 2024-04-18 14:31 – Updated: 2024-08-02 00:48| URL | Tags |
|---|---|
| https://github.com/judge0/judge0/security/advisor… | x_refsource_CONFIRM |
| https://github.com/judge0/judge0/commit/846d58390… | x_refsource_MISC |
| https://github.com/judge0/judge0/blob/v1.13.0/app… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:judge0:judge0:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "judge0",
"vendor": "judge0",
"versions": [
{
"lessThanOrEqual": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T18:57:08.693509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T17:50:37.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf"
},
{
"name": "https://github.com/judge0/judge0/commit/846d5839026161bb299b7a35fd3b2afb107992fc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/judge0/judge0/commit/846d5839026161bb299b7a35fd3b2afb107992fc"
},
{
"name": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L197-L201",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L197-L201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "judge0",
"vendor": "judge0",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T14:39:38.915Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf"
},
{
"name": "https://github.com/judge0/judge0/commit/846d5839026161bb299b7a35fd3b2afb107992fc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/judge0/judge0/commit/846d5839026161bb299b7a35fd3b2afb107992fc"
},
{
"name": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L197-L201",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L197-L201"
}
],
"source": {
"advisory": "GHSA-h9g2-45c8-89cf",
"discovery": "UNKNOWN"
},
"title": "Judge0 vulnerable to Sandbox Escape via Symbolic Link"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28185",
"datePublished": "2024-04-18T14:31:16.326Z",
"dateReserved": "2024-03-06T17:35:00.857Z",
"dateUpdated": "2024-08-02T00:48:49.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25953 (GCVE-0-2024-25953)
Vulnerability from cvelistv5 – Published: 2024-03-28 18:27 – Updated: 2024-08-01 23:52- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022336… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
9.4.0.0 , ≤ 9.4.0.16
(semver)
Affected: 9.5.0.0 , ≤ 9.5.0.7 (semver) Affected: 9.6.1.0 , ≤ 9.7.0.0 (semver) Affected: 9.7.0.0 , ≤ 9.7.0.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T19:47:29.410981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:21.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "9.4.0.16",
"status": "affected",
"version": "9.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.5.0.7",
"status": "affected",
"version": "9.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.7.0.0",
"status": "affected",
"version": "9.6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.7.0.1",
"status": "affected",
"version": "9.7.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-28T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering."
}
],
"value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T18:27:36.312Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25953",
"datePublished": "2024-03-28T18:27:36.312Z",
"dateReserved": "2024-02-13T05:32:19.479Z",
"dateUpdated": "2024-08-01T23:52:06.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25952 (GCVE-0-2024-25952)
Vulnerability from cvelistv5 – Published: 2024-03-28 18:21 – Updated: 2024-08-01 23:52- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022336… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
8.2.2 , ≤ 9.3.0.0
(semver)
Affected: 9.4.0.0 , ≤ 9.4.0.16 (semver) Affected: 9.5.0.0 , ≤ 9.5.0.7 (semver) Affected: 9.6.1.0 , ≤ 9.7.0.0 (semver) Affected: 9.7.0.0 , ≤ 9.7.0.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-29T14:55:31.456808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:48.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "9.3.0.0",
"status": "affected",
"version": "8.2.2 ",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.4.0.16",
"status": "affected",
"version": "9.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.5.0.7",
"status": "affected",
"version": "9.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.7.0.0",
"status": "affected",
"version": "9.6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.7.0.1",
"status": "affected",
"version": "9.7.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-28T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering."
}
],
"value": "Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T18:21:38.430Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25952",
"datePublished": "2024-03-28T18:21:38.430Z",
"dateReserved": "2024-02-13T05:32:19.479Z",
"dateUpdated": "2024-08-01T23:52:06.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1933 (GCVE-0-2024-1933)
Vulnerability from cvelistv5 – Published: 2024-03-26 12:47 – Updated: 2024-08-05 14:04- CWE-61 - UNIX Symbolic Link (Symlink) Following
| Vendor | Product | Version | |
|---|---|---|---|
| TeamViewer | Remote Client |
Affected:
0 , < 15.52
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:35:08.118253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T14:04:34.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Remote Client",
"vendor": "TeamViewer",
"versions": [
{
"lessThan": "15.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink."
}
],
"value": "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T12:47:11.238Z",
"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"shortName": "TV"
},
"references": [
{
"url": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the latest version of TeamViewer Client for macOS (15.52 or higher)."
}
],
"value": "Update to the latest version of TeamViewer Client for macOS (15.52 or higher)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper symlink resolution in TeamViewer Remote client for macOS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6",
"assignerShortName": "TV",
"cveId": "CVE-2024-1933",
"datePublished": "2024-03-26T12:47:11.238Z",
"dateReserved": "2024-02-27T14:10:39.499Z",
"dateUpdated": "2024-08-05T14:04:34.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0134 (GCVE-0-2024-0134)
Vulnerability from cvelistv5 – Published: 2024-11-05 18:37 – Updated: 2024-11-05 18:52| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA Container Toolkit |
Affected:
All versions up to and including v1.16.2
|
|
| NVIDIA | NVIDIA GPU Operator |
Affected:
All versions up to and including 24.6.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T18:51:43.650698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T18:52:00.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "NVIDIA Container Toolkit",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions up to and including v1.16.2"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "NVIDIA GPU Operator",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions up to and including 24.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.\u003c/span\u003e"
}
],
"value": "NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T18:37:31.699Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5585"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0134",
"datePublished": "2024-11-05T18:37:31.699Z",
"dateReserved": "2023-12-02T00:42:44.854Z",
"dateUpdated": "2024-11-05T18:52:00.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41969 (GCVE-0-2023-41969)
Vulnerability from cvelistv5 – Published: 2024-03-26 14:14 – Updated: 2024-10-17 15:11| Vendor | Product | Version | |
|---|---|---|---|
| Zscaler | Client Connector |
Affected:
0 , < 4.3.0
(custom)
|
|
| zscaler | client_connector |
Affected:
0 , < 4.3.0
(custom)
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "client_connector",
"vendor": "zscaler",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:40:05.047225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:26.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Client Connector",
"vendor": "Zscaler",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Singapore GovTech Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T15:11:15.463Z",
"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"shortName": "Zscaler"
},
"references": [
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ZSATrayManager Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"assignerShortName": "Zscaler",
"cveId": "CVE-2023-41969",
"datePublished": "2024-03-26T14:14:21.872Z",
"dateReserved": "2023-09-06T17:14:12.958Z",
"dateUpdated": "2024-10-17T15:11:15.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39246 (GCVE-0-2023-39246)
Vulnerability from cvelistv5 – Published: 2023-11-16 08:41 – Updated: 2024-08-02 18:02- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021757… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows) |
Affected:
Versions prior to 11.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000217572/dsa-2023-271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SW"
],
"product": "Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 11.8.1"
}
]
}
],
"datePublic": "2023-11-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation\u003c/span\u003e\n\n"
}
],
"value": "\nDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T08:41:44.681Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000217572/dsa-2023-271"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-39246",
"datePublished": "2023-11-16T08:41:44.681Z",
"dateReserved": "2023-07-26T08:13:50.420Z",
"dateUpdated": "2024-08-02T18:02:06.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37460 (GCVE-0-2023-37460)
Vulnerability from cvelistv5 – Published: 2023-07-25 19:41 – Updated: 2024-10-03 19:09| URL | Tags |
|---|---|
| https://github.com/codehaus-plexus/plexus-archive… | x_refsource_CONFIRM |
| https://github.com/codehaus-plexus/plexus-archive… | x_refsource_MISC |
| https://github.com/codehaus-plexus/plexus-archive… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| codehaus-plexus | plexus-archiver |
Affected:
< 4.8.0
|
|
| codehaus-plexus | plexus-archiver |
Affected:
0 , < 4.8.0
(custom)
cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:29.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m"
},
{
"name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2"
},
{
"name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "plexus-archiver",
"vendor": "codehaus-plexus",
"versions": [
{
"lessThan": "4.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37460",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:09:14.939906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T19:09:55.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plexus-archiver",
"vendor": "codehaus-plexus",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T19:41:46.096Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m"
},
{
"name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2"
},
{
"name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0"
}
],
"source": {
"advisory": "GHSA-wh3p-fphp-9h2m",
"discovery": "UNKNOWN"
},
"title": "Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37460",
"datePublished": "2023-07-25T19:41:46.096Z",
"dateReserved": "2023-07-06T13:01:36.997Z",
"dateUpdated": "2024-10-03T19:09:55.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-27: Leveraging Race Conditions via Symbolic Links
This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.