CWE-61 - UNIX Symbolic Link (Symlink) Following


Symbolic links (symlinks), provided by the software system, are easy to spoof. By changing a symlink, an attacker can obtain and use any data that he previously had no permission to access.
A malicious user can create a symbolic link to a file not otherwise accessible to him or her. When the privileged program creates a file of the same name as the symbolic link, it actually creates the linked-to file instead, possibly inserting content desired or even provided by the malicious user.
The vulnerability mainly affects the integrity and confidentiality of data and allows attackers to read and alter data in directories.
The weakness is introduced during the Implementation stage.
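
The file-creation case described above, as an added example that is not part of the original page: a weak and a hardened `open()` call run against a constructed symlink inside a private temporary directory. The function names, file names and the `/tmp/cwe61-XXXXXX` directory are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700 /* exposes mkdtemp(), symlink(), O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak: O_CREAT alone follows a symlink already sitting at `path`. */
int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, a symlink included,
 * already exists at `path`; O_NOFOLLOW refuses a final-component symlink. */
int open_hardened(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: `target` stands in for the protected file and `lnk`
 * is a symlink to it, placed at the name the program is about to create.
 * Returns 1 if the target was replaced, 0 if it survived, -1 on setup error. */
int target_overwritten(int hardened) {
    char dir[] = "/tmp/cwe61-XXXXXX", target[64], lnk[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/report.tmp", dir);

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "original", 8) != 8) return -1;
    close(fd);
    if (symlink(target, lnk) != 0) return -1;

    fd = hardened ? open_hardened(lnk) : open_weak(lnk);
    if (fd >= 0) {                     /* the program writes its own data */
        if (write(fd, "new data", 8) != 8) return -1;
        close(fd);
    }
    fd = open(target, O_RDONLY);
    if (fd < 0 || read(fd, buf, sizeof buf - 1) < 0) return -1;
    close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return strcmp(buf, "original") != 0;
}

int main(void) {
    printf("weak open:     overwritten=%d\n", target_overwritten(0));
    printf("hardened open: overwritten=%d\n", target_overwritten(1));
    return 0;
}
```

With the hardened flags the `open()` call fails instead of writing through the link, so the program has to treat that failure as an error rather than retrying with weaker flags.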

