CVE-2024-47515

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-61
View all →

Vulnerability Description

A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance.

Related Vulnerabilities

CVE-2020-15076

HIGH
CVSS:7.8(High)

Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.

CWE-612020

CVE-2020-8014

HIGH
CVSS:7.8(High)

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to esc...

CWE-612020

CVE-2020-8019

HIGH
CVSS:7.8(High)

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for...

CWE-612020

CVE-2021-25321

HIGH
CVSS:7.8(High)

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 all...

CWE-612021

CVE-2021-25322

HIGH
CVSS:7.8(High)

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to...

CWE-612021

CVE-2021-39134

HIGH
CVSS:7.8(High)

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts...

CWE-612021