CVE-2019-6679

LOW Year: 2019
CVSS v3 Score
3.3
Low
CVSS v2 Score
3.6
Low
Weakness Type
CWE-59
View all →

Vulnerability Description

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.

Related Vulnerabilities

CVE-2014-1420

LOW
CVSS:3.3(Low)

On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag...

CWE-592014

CVE-2015-0858

LOW
CVSS:3.3(Low)

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

CWE-592015

CVE-2015-7758

LOW
CVSS:3.3(Low)

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc...

CWE-592015

CVE-2020-24654

LOW
CVSS:3.3(Low)

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CWE-592020

CVE-2020-3830

LOW
CVSS:3.3(Low)

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be abl...

CWE-592020

CVE-2020-36314

LOW
CVSS:3.9(Low)

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent...

CWE-592020