Описание
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
Ссылки
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.3 (исключая)
cpe:2.3:a:deepin:deepin-clone:*:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00082
Низкий
5.5 Medium
CVSS3
6.6 Medium
CVSS2
Дефекты
CWE-59
Связанные уязвимости
CVSS3: 5.5
debian
больше 6 лет назад
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed ...
CVSS3: 5.5
github
больше 3 лет назад
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
EPSS
Процентиль: 24%
0.00082
Низкий
5.5 Medium
CVSS3
6.6 Medium
CVSS2
Дефекты
CWE-59