postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid.
References
Configurations
History
07 Nov 2023, 02:02
Type | Values Removed | Values Added |
---|---|---|
Summary | postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid. |
Information
Published : 2008-11-07 19:36
Updated : 2024-08-07 11:15
NVD link : CVE-2008-4998
Mitre link : CVE-2008-4998
CVE.ORG link : CVE-2008-4998
JSON object : View
Products Affected
twiki
- twiki
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')