From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - tl;dr: An unauthorized user can create symbolic links pointing to , , or similar files, and wait for a privileged user or process to copy/backup/mirror these files using with the and options. The unauthorized user then gains access to these files.
   - Summary: When copying to a local disk using , insecure symbolic link handling allows unauthorized users to indirectly modify the permissions and ownership of target files, potentially leading to privilege escalation and unauthorized access to critical system files.
2. Affected Versions:
   - Affected Range: From 1.59.0 to 1.68.1
   - Fixed Version: 1.68.2
3. Exploitation Method:
   - An unauthorized user can set up a symbolic link pointing to a sensitive file in their home directory and wait for an administrator or automated process (e.g., cron job) to use to copy files. When using and options, incorrectly applies permissions and ownership to the target file of the symbolic link, rather than the symbolic link itself, thereby altering the permissions and ownership of the sensitive file.
4. Impact:
   - Type: Improper handling of permissions and ownership on symbolic link targets (insecure symbolic link handling)
   - Impact: Unauthorized users can modify permissions and ownership of sensitive system files, leading to unauthorized access, privilege escalation, and potential system compromise.
5. Exploitation Example:
   - Code examples demonstrate how, when copies a directory containing symbolic links, the permissions and ownership of the target files are incorrectly applied.
6. Vulnerability Severity:
   - Severity: Medium
   - CVSS Score: 5.4/10
7. Vulnerability ID:
   - CVE ID: CVE-2024-52522
8. Related Vulnerability IDs:
   - CWE IDs: CWE-59, CWE-61, CWE-281
9. Contributors:
   - Reporter: hakong
   - Fixer: ncw

This information provides a detailed overview of the vulnerability’s nature, scope, exploitation method, and remediation, aiding in understanding its severity and how to prevent it.
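
The flaw class summarized above (permissions and ownership applied to a symbolic link's target instead of the link itself) is shown here as an added example; it is not code from the advisory or from the affected tool. It places a metadata-restoring step in its flawed form beside a hardened one and runs both against a constructed file and link in a temporary directory. All function and file names are hypothetical, and a Linux/POSIX system is assumed.

```python
import os
import stat
import tempfile


def apply_metadata_unsafe(path, mode, uid, gid):
    """Flawed pattern: chmod/chown dereference a symlink and change its target."""
    os.chmod(path, mode)
    os.chown(path, uid, gid)


def apply_metadata_safe(path, mode, uid, gid):
    """Hardened pattern: never dereference a symlink while restoring metadata."""
    if stat.S_ISLNK(os.lstat(path).st_mode):
        # Re-own the link itself (lchown). A link's mode bits are ignored on
        # Linux, so no chmod is attempted for links.
        os.chown(path, uid, gid, follow_symlinks=False)
        return
    # O_NOFOLLOW makes the open fail if the path was swapped for a link after
    # the lstat; fchmod/fchown then act on the opened object, not on a name.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        os.fchmod(fd, mode)
        os.fchown(fd, uid, gid)
    finally:
        os.close(fd)


def demo(apply):
    """Constructed scenario: 'secret' stands in for a sensitive file and
    'link' for the symlink an unprivileged user left in the copied tree.
    Returns the sensitive file's mode after metadata is applied to the link."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        link = os.path.join(d, "link")
        with open(secret, "w") as f:
            f.write("constructed sample\n")
        os.chmod(secret, 0o600)
        os.symlink(secret, link)
        # The copier restores the link's recorded metadata (0o644, current
        # user) onto the copied link.
        apply(link, 0o644, os.geteuid(), os.getegid())
        return stat.S_IMODE(os.stat(secret).st_mode)


if __name__ == "__main__":
    print("unsafe:", oct(demo(apply_metadata_unsafe)))
    print("safe:  ", oct(demo(apply_metadata_safe)))
```

With the flawed function the sensitive file ends up with the link's recorded mode; with the hardened one it keeps its original mode.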