CVE-2022-31647

HIGH Year: 2022
CVSS v3 Score
7.1
High
Weakness Type
CWE-59
View all →

Vulnerability Description

Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.

Related Vulnerabilities

CVE-2003-0844

HIGH
CVSS:7.1(High)

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on pre...

CWE-592003

CVE-2004-0689

HIGH
CVSS:7.1(High)

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

CWE-592004

CVE-2010-2064

HIGH
CVSS:7.1(High)

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

CWE-592010

CVE-2011-3351

HIGH
CVSS:7.1(High)

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw...

CWE-592011

CVE-2011-3632

HIGH
CVSS:7.1(High)

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

CWE-592011

CVE-2013-0159

HIGH
CVSS:7.1(High)

The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlin...

CWE-592013