In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NDeepin Clone
APPDeepin< 1.1.3
Related vulnerabilities
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper:...
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO...
Path traversal w Deepin-Compressor umożliwiający zdalne wykonanie kodu
RCE w Deepin Reader poprzez path traversal w plikach DOCX
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privilege...