CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Status
draft
Abstraction
base
Likelihood
medium
Affected Platforms
Windows
Unix
Common Consequences
confidentiality
integrity
access control
other
Impacts
read files or directories
modify files or directories
bypass protection mechanism
execute unauthorized code or commands
Detection Methods
automated static analysis - binary or bytecode
manual static analysis - binary or bytecode
dynamic analysis with automated results interpretation
dynamic analysis with manual results interpretation
manual static analysis - source code
automated static analysis - source code
architecture or design review
Potential Mitigations
Phases:
architecture and design
Descriptions:
• Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying untrusted entities write access to a file's parent directory prevents them from replacing that file with a link to a sensitive file, since creating or renaming a directory entry requires write permission on the directory rather than on the file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
Functional Areas
file processing