CVE-2021-32518
QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following
In short
QSAN Storage Manager has a flaw that allows attackers to create symbolic links to trick the system into accessing files they shouldn't be able to reach. This could expose sensitive data stored on the server.
Technical detail
The share_link function in QSAN Storage Manager is vulnerable to symlink following attacks, allowing remote attackers to create symbolic links that redirect file access to arbitrary locations on the filesystem. This CWE-61 vulnerability enables unauthorized file disclosure without authentication. It is resolved in version 3.3.3.
Summary generated and translated by AI from the official description.
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
QSAN · Storage Manager