CWE-61 — Vulnerability Class (100)

100 vulnerabilities classified as CWE-61.

CWE-61 represents a critical input validation weakness where software fails to adequately verify the final destination of a symbolic link during file or directory access operations. Attackers typically exploit this vulnerability by crafting malicious symlinks that point to sensitive system files or directories outside the application’s intended control sphere. When the vulnerable program follows these links, it inadvertently reads, modifies, or deletes unauthorized data, potentially leading to information disclosure, privilege escalation, or denial of service.

To mitigate this risk, developers must implement strict path canonicalization and validation mechanisms before processing any file paths. This involves resolving symbolic links to their absolute physical paths and ensuring the resulting target resides within an allowed directory tree. Additionally, using secure file handling APIs that explicitly reject symlink traversal or employing chroot jails can effectively isolate applications from such path manipulation attacks.
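An added example (not part of the original page or of MITRE's entry) of the "reject symlink traversal" approach: each path component is opened relative to an already-open directory with O_NOFOLLOW, because a link can be swapped in between a canonicalize-and-check step and the later open. The names open_beneath and demo and the constructed uploads/ tree are assumptions for illustration; POSIX only.

```python
import errno
import os
import tempfile
from pathlib import Path

# errno seen when O_NOFOLLOW meets a symlink: ELOOP, ENOTDIR (O_DIRECTORY), EMLINK (FreeBSD)
_SYMLINK_ERRNOS = {errno.ELOOP, errno.ENOTDIR, errno.EMLINK}


def open_beneath(base_dir, rel_path, flags=os.O_RDONLY):
    """Open rel_path under base_dir; refuse a symlink in any component."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if rel_path.startswith("/") or not parts or ".." in parts:
        raise PermissionError(f"unsafe path: {rel_path!r}")
    # Assumption: base_dir itself is trusted configuration, not user input.
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # Walk relative to an open directory fd so a swapped link cannot redirect us.
        for name in parts[:-1]:
            nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = nxt
        return os.open(parts[-1], flags | os.O_NOFOLLOW, dir_fd=dir_fd)
    except OSError as exc:
        if exc.errno in _SYMLINK_ERRNOS:
            raise PermissionError(f"symlink in path: {rel_path!r}") from exc
        raise
    finally:
        os.close(dir_fd)


def demo():
    """Constructed tree: uploads/ok.txt, uploads/leak -> ../secret.txt, uploads/d -> .."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "uploads")
        base.mkdir()
        Path(root, "secret.txt").write_text("outside")
        (base / "ok.txt").write_text("inside")
        os.symlink("../secret.txt", base / "leak")  # link to a file outside base
        os.symlink("..", base / "d")                # link to a directory outside base
        for rel in ("ok.txt", "leak", "d/secret.txt", "../secret.txt"):
            try:
                with os.fdopen(open_beneath(base, rel)) as f:
                    results[rel] = f.read()
            except PermissionError:
                results[rel] = "refused"
    return results
```

On Linux 5.6 and later, openat2() with RESOLVE_BENEATH gives the same guarantee in a single call, but Python's standard library does not wrap it.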

MITRE CWE Description
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.
Common Consequences (1)
Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories
Mitigations (2)
Implementation: Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program so as to prevent attackers from manipulating the files.
Architecture and Design: Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Vulnerabilities classified as CWE-61 represent 100 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.