
CWE-61 vulnerability list (100)

Summary of 100 CVE entries in the CWE-61 weakness class, with AI-generated Chinese-language analysis.

CWE-61 belongs to the path traversal family of weaknesses: when handling a file path, the program does not adequately verify where a symbolic link points. An attacker typically plants a malicious symbolic link that targets a sensitive system file, so that the program is induced to read or modify a file outside its intended control sphere, leaking sensitive data or escalating privileges. Developers should not trust user-supplied paths directly; before accessing a file they should strictly check where any symbolic link resolves and ensure it stays within the expected safe directory, or disable symbolic link resolution altogether to eliminate the risk.

MITRE CWE official description

CWE-61: UNIX Symbolic Link (Symlink) Following. The product, when opening a file or directory, does not sufficiently account for the case where the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. A product that allows UNIX symbolic links (symlinks) as part of paths, whether in internal code or through user input, can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read, write or corrupt a file that they originally did not have permission to access.
Common consequences (1)

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

Mitigations (2)

Implementation: Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program so as to prevent attackers from manipulating the files.

Architecture and Design: Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
| CVE ID | Title | Affected product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2024-54148 | Gogs security vulnerability | gogs | 8.8 | - | 2024-12-23 |
| CVE-2024-47480 | Dell Inventory Collector security vulnerability | Inventory Collector Client | 7.8 | High | 2024-12-18 |
| CVE-2024-52542 | Dell AppSync Server security vulnerability | AppSync | 4.4 | Medium | 2024-12-17 |
| CVE-2024-52537 | Dell Client Platform security vulnerability | Dell Client Platform BIOS | 6.3 | Medium | 2024-12-11 |
| CVE-2024-54661 | socat security vulnerability | socat | 9.1 | - | 2024-12-04 |
| CVE-2023-20091 | Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software security vulnerability | Cisco TelePresence Endpoint Software (TC/CE) | 5.1 | Medium | 2024-11-15 |
| CVE-2023-20092 | Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software security vulnerability | Cisco RoomOS Software | 4.4 | Medium | 2024-11-15 |
| CVE-2023-20093 | Cisco TelePresence Collaboration Endpoint and Cisco RoomOS security vulnerability | Cisco RoomOS Software | 4.4 | Medium | 2024-11-15 |
| CVE-2024-34015 | Acronis Backup plugin for cPanel & WHM (Linux) security vulnerability | Acronis Backup plugin for cPanel & WHM | 6.5 | - | 2024-11-11 |
| CVE-2024-34014 | Multiple Acronis products security vulnerability | Acronis Backup plugin for cPanel & WHM | 8.8 | - | 2024-11-11 |
| CVE-2024-0134 | NVIDIA Container Toolkit security vulnerability | NVIDIA Container Toolkit | 4.1 | Medium | 2024-11-05 |
| CVE-2024-39578 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 6.3 | Medium | 2024-08-31 |
| CVE-2024-42367 | aiohttp security vulnerability | aiohttp | 4.8 | Medium | 2024-08-09 |
| CVE-2024-28189 | Judge0 CE security vulnerability | judge0 | 10.0 | Critical | 2024-04-18 |
| CVE-2024-28185 | Judge0 CE security vulnerability | judge0 | 10.0 | Critical | 2024-04-18 |
| CVE-2024-25953 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 6.0 | Medium | 2024-03-28 |
| CVE-2024-25952 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 6.0 | Medium | 2024-03-28 |
| CVE-2023-41969 | Zscaler Client Connector security vulnerability | Client Connector | 7.3 | High | 2024-03-26 |
| CVE-2024-1933 | TeamViewer security vulnerability | Remote Client | 7.1 | High | 2024-03-26 |
| CVE-2023-39246 | Multiple Dell products security vulnerability | Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows) | 4.6 | Medium | 2023-11-16 |
| CVE-2022-3592 | Samba link following vulnerability | samba | 6.5 | - | 2023-01-12 |
| CVE-2021-4287 | ReFirm Labs Binwalk link following vulnerability | binwalk | 5.0 | Medium | 2022-12-27 |
| CVE-2022-24904 | ArgoCD link following vulnerability | argo-cd | 4.3 | Medium | 2022-05-20 |
| CVE-2021-1612 | Cisco IOS XE SD-WAN Software link following vulnerability | Cisco IOS XE SD-WAN Software | 5.5 | Medium | 2021-09-23 |
| CVE-2021-39135 | NPM arborist link following vulnerability | arborist | 8.2 | High | 2021-08-31 |
| CVE-2021-39134 | NPM arborist link following vulnerability | arborist | 8.2 | High | 2021-08-31 |
| CVE-2021-32518 | QSAN Storage Manager link following vulnerability | Storage Manager | 7.5 | High | 2021-07-07 |
| CVE-2021-32509 | QSAN Storage Manager link following vulnerability | Storage Manager | 6.5 | Medium | 2021-07-07 |
| CVE-2021-32508 | QSAN Storage Manager link following vulnerability | Storage Manager | 6.5 | Medium | 2021-07-07 |
| CVE-2021-25321 | arpwatch security vulnerability | SUSE Linux Enterprise Server 11-SP4-LTSS | 7.8 | High | 2021-06-30 |

CWE-61 is a common weakness class; this platform has catalogued 100 CVE entries associated with it.