CVEbaza.plSłownik CWECWE-62
Common Weakness Enumeration

CWE-62

UNIX Hard Link

Kategoria: VariantCVE: 3
Opis

Produkt podczas otwierania pliku lub katalogu nie uwzględnia wystarczająco sytuacji, gdy nazwa jest powiązana z dowiązaniem twardym do celu znajdującego się poza zamierzoną sferą kontroli. Może to pozwolić atakującemu na wykonanie operacji na nieautoryzowanych plikach.

Description (EN)

The product, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

Podatności CVE z CWE-62 (3)
8.8
CVSS
HIGH
CVE-2026-32232

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

pub. 2026-03-12
7.8
CVSS
HIGH
CVE-2024-36486

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.

pub. 2025-06-03
7.8
CVSS
HIGH
CVE-2024-54189

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.

pub. 2025-06-03
Informacje
ID: CWE-62
Typ: Variant
Podatności: 3
MITRE CWE ↗
← Słownik CWE
CWE-62 — Dowiązanie twarde systemu UNIX | Słownik CWE | CVEbaza.pl