CWE-59

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios., aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1082.

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted “bin” keys. Existing files could be overwritten depending on the current user permission set.

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka ‘Task Scheduler Elevation of Privilege Vulnerability’.

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’.

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka ‘Windows Shell Elevation of Privilege Vulnerability’.