CWE-59 (Improper Link Resolution Before File Access ('Link Following')) — Vulnerability Class 426

426 vulnerabilities classified as CWE-59 (Improper Link Resolution Before File Access ('Link Following')). AI Chinese analysis included.

CWE-59 represents a critical input validation weakness where software fails to properly resolve symbolic links or shortcuts before accessing a file. Attackers typically exploit this vulnerability by crafting malicious links that point to sensitive system files or directories outside the intended scope. When the application resolves these links without adequate checks, it inadvertently grants access to unauthorized resources, potentially leading to data leakage, privilege escalation, or remote code execution. To mitigate this risk, developers must implement rigorous link resolution controls, ensuring that all file paths are canonicalized and verified against a strict allowlist before any I/O operations occur. Utilizing secure API functions that explicitly handle link following, combined with strict permission checks on the final resolved path, effectively prevents attackers from leveraging symlinks to bypass security boundaries and access unintended system components.

MITRE CWE Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Common Consequences (2)
Confidentiality, Integrity, Access Control: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.
Other: Execute Unauthorized Code or Commands
Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.
Mitigations (1)
Architecture and Design: Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-32553 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-32554 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-32552 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-32550 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-32551 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-32549 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-32548 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-32547 | apport read_file() function could follow maliciously constructed symbolic links — apport | 7.3 | High | 2021-06-12 |
| CVE-2021-31997 | python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root — Leap 15.2 | 6.8 | Medium | 2021-06-10 |
| CVE-2021-23892 | McAfee McAfee Security link following vulnerability — McAfee Endpoint Security (ENS) for Linux | 8.2 | High | 2021-05-12 |
| CVE-2021-23872 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) — McAfee Total Protection (MTP) | 7.8 | High | 2021-05-12 |
| CVE-2021-30356 | Check Point Identity Agent link following vulnerability — Check Point Identity Agent | 8.1 | - | 2021-04-22 |
| CVE-2021-27241 | Avast Premium Security link following vulnerability — Premium Security | 6.1 | - | 2021-03-29 |
| CVE-2021-20197 | GNU Binutils link following vulnerability — binutils | 6.7 | - | 2021-03-26 |
| CVE-2020-7346 | Privilege escalation in McAfee DLP Endpoint for Windows — McAfee Data Loss Prevention (DLP) Endpoint for Windows | 7.8 | High | 2021-03-23 |
| CVE-2021-21300 | malicious repositories can execute remote code while cloning — git | 8.0 | High | 2021-03-09 |
| CVE-2021-23873 | McAfee Total Protection (MTP) privilege escalation vulnerability — McAfee Total Protection (MTP) | 7.8 | High | 2021-02-10 |
| CVE-2020-26277 | Arbitrary read/write in DBdeployer — dbdeployer | 6.1 | Medium | 2020-12-21 |
| CVE-2020-28935 | Local symlink attack in Unbound and NSD — Unbound | 7.8 | - | 2020-12-07 |
| CVE-2020-6015 | Check Point Endpoint Security link following vulnerability — Check Point Endpoint Security for Windows | 5.5 | - | 2020-11-05 |
| CVE-2014-1420 | Insecure temp file usage in Ubuntu UI toolkit — ubuntu-ui-toolkit | 3.8 | Low | 2020-09-10 |
| CVE-2020-7325 | Privilege Escalation vulnerability in MVISION Endpoint — MVISION Endpoint | 5.5 | Medium | 2020-09-09 |
| CVE-2020-7319 | Improper Access Control Vulnerability in ENS for Windows — Endpoint Security for Windows | 8.8 | High | 2020-09-09 |
| CVE-2020-14367 | chrony link following vulnerability — Chrony | 6.0 | - | 2020-08-24 |
| CVE-2020-6012 | Check Point Software Technologies ZoneAlarm Anti-Ransomware link following vulnerability — ZoneAlarm Anti-Ransomware | 7.0 | - | 2020-08-04 |
| CVE-2020-3437 | Cisco SD-WAN vManage Software Information Disclosure Vulnerability — Cisco SD-WAN vManage | 6.5 | - | 2020-07-16 |
| CVE-2020-7282 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) — McAfee Total Protection (MTP) | 7.5 | High | 2020-07-03 |
| CVE-2020-13095 | Objective Development Software Little Snitch link following vulnerability — Little Snitch | 8.8 | - | 2020-06-30 |
| CVE-2020-2026 | Kata Containers - Guests can trick the kata-runtime into mounting the container image on any host path — Kata Containers | 7.8 | High | 2020-06-10 |
| CVE-2020-8103 | Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604) — Bitdefender Antivirus Free | 7.2 | High | 2020-06-05 |

Vulnerabilities classified as CWE-59 (Improper Link Resolution Before File Access ('Link Following')) represent 426 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.