MEDIUM🇬🇧 English

CVE-2019-13227

CVSS 5.5v3.0pub. 2019-07-04upd. 2024-11-21

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Deepin Clone

    APP
    Deepin
    < 1.1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-13226HIGH7.0ten sam produkt

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper:...

CVE-2019-13228MEDIUM4.7ten sam produkt

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO...

CVE-2023-50255CRITICAL9.3PL ✓ten sam vendor

Path traversal w Deepin-Compressor umożliwiający zdalne wykonanie kodu

CVE-2023-50254CRITICAL9.3PL ✓ten sam vendor

RCE w Deepin Reader poprzez path traversal w plikach DOCX

CVE-2017-7622HIGH8.8ten sam vendor

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privilege...