Improper link resolution before file access (link following) in Service Fabric allows an authorized attacker to elevate privileges locally.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Azure_service_fabric | Microsoft | * | 10.1 (excluding) |
Azure_service_fabric | Microsoft | 10.1 (including) | 10.1 (including) |
Azure_service_fabric | Microsoft | 10.1-cumulative_update_2 (including) | 10.1-cumulative_update_2 (including) |
Azure_service_fabric | Microsoft | 10.1-cumulative_update_3 (including) | 10.1-cumulative_update_3 (including) |
Azure_service_fabric | Microsoft | 10.1-cumulative_update_4 (including) | 10.1-cumulative_update_4 (including) |
Azure_service_fabric | Microsoft | 10.1-cumulative_update_5 (including) | 10.1-cumulative_update_5 (including) |
Azure_service_fabric | Microsoft | 10.1-cumulative_update_6 (including) | 10.1-cumulative_update_6 (including) |