Vulnerabilities (CVE)

Filtered by vendor Deepin Subscribe
Filtered by product Deepin-clone
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13228 1 Deepin 1 Deepin-clone 2024-11-21 6.6 MEDIUM 4.7 MEDIUM
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.
CVE-2019-13227 1 Deepin 1 Deepin-clone 2024-11-21 6.6 MEDIUM 5.5 MEDIUM
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
CVE-2019-13226 2 Deepin, Fedoraproject 2 Deepin-clone, Fedora 2024-11-21 6.9 MEDIUM 7.0 HIGH
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.