CVE-2020-36314

CVSS v3 Score: 3.9 (Low)
CVSS v2 Score: 2.6 (Low)

Vulnerability Description

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.

CVSS: 3.9 (Low)

Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.

CWE-59, 2025

CVSS: 4.3 (Medium)

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:/...

CWE-59, 2020

CVSS: 4.3 (Medium)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 is vulnerable to a symlink following bug al...

CWE-59, 2022

CVSS: 4.3 (Medium)

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

CWE-59, 2022

CVSS: 4.3 (Medium)

Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.

CWE-59, 2023

CVSS: 4.4 (Medium)

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restri...

CWE-59, 2018