CVE Vulnerabilities

CVE-2018-14335

Improper Link Resolution Before File Access ('Link Following')

Published: Jul 24, 2018 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
4.3 MODERATE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Ubuntu
MEDIUM

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
H2 H2database 1.4.197 (including) 1.4.197 (including)
Red Hat Data Grid 7.3.3 RedHat h2 *
H2database Ubuntu bionic *
H2database Ubuntu cosmic *
H2database Ubuntu disco *
H2database Ubuntu eoan *
H2database Ubuntu esm-apps/bionic *
H2database Ubuntu esm-apps/focal *
H2database Ubuntu esm-apps/xenial *
H2database Ubuntu focal *
H2database Ubuntu groovy *
H2database Ubuntu hirsute *
H2database Ubuntu impish *
H2database Ubuntu kinetic *
H2database Ubuntu lunar *
H2database Ubuntu xenial *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References