目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CWE-426 不可信的搜索路径 类漏洞列表 204

CWE-426 不可信的搜索路径 类弱点 204 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-426 属于不信任搜索路径漏洞,指程序使用外部提供的路径查找关键资源,导致可能访问不受控的文件。攻击者常通过操纵环境变量或配置,将恶意程序或数据注入搜索路径,从而执行任意代码或窃取敏感信息。开发者应避免使用动态搜索路径,改用硬编码的绝对路径,或严格验证路径来源及权限,确保仅加载受信任目录下的资源,以阻断攻击链。

MITRE CWE 官方描述
CWE:CWE-426 不受信任的搜索路径 (Untrusted Search Path) 英文:该产品使用外部提供的搜索路径来搜索关键资源,该路径可能指向不受该产品直接控制的资源。 这可能导致攻击者执行其自己的程序、访问未经授权的数据文件或以意外方式修改配置。如果产品使用搜索路径来定位关键资源(如程序),则攻击者可以修改该搜索路径以指向恶意程序,目标产品随后将执行该程序。此问题扩展到产品所信任的任何类型的关键资源。不受信任的搜索路径的一些最常见变体包括:在各种 UNIX 和基于 Linux 的系统中,可能会查阅 PATH 环境变量来定位可执行程序,并使用 LD_PRELOAD 来定位单独的库。在各种基于 Microsoft 的系统中,如果未在其他出现在搜索顺序前面的路径中找到 DLL,则会查阅 PATH 环境变量来定位 DLL。
常见影响 (3)
Integrity, Confidentiality, Availability, Access ControlGain Privileges or Assume Identity, Execute Unauthorized Code or Commands
There is the potential for arbitrary code execution with privileges of the vulnerable program.
AvailabilityDoS: Crash, Exit, or Restart
The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format.
ConfidentialityRead Files or Directories
The program could send the output of unauthorized files to the attacker.
缓解措施 (5)
Architecture and Design, ImplementationHard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
ImplementationWhen invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code ref…
ImplementationRemove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
ImplementationCheck your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
ImplementationUse other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
代码示例 (2)
This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.
#define DIR "/restricted/directory" char cmd[500]; sprintf(cmd, "ls -l %480s", DIR); /* Raise privileges to those needed for accessing DIR. */ RaisePrivileges(...); system(cmd); DropPrivileges(...); ...
Bad · C
The user sets the PATH to reference a directory under the attacker's control, such as "/my/dir/". The attacker creates a malicious program called "ls", and puts that program in /my/dir The user executes the program. When system() is executed, the shell consults the PATH to find the ls program The program finds the attacker's malicious program, "/my/dir/ls". It doesn't find "/bin/ls" because PATH does not contain "/bin/". The program executes the attacker's malicious program with the raised privileges.
Attack
The following code from a system utility uses the system property APPHOME to determine the directory in which it is installed and then executes an initialization script based on a relative path from the specified directory.
... String home = System.getProperty("APPHOME"); String cmd = home + INITCMD; java.lang.Runtime.getRuntime().exec(cmd); ...
Bad · Java
CVE ID标题CVSS风险等级Published
CVE-2024-13158 Ivanti EPM 安全漏洞 — Endpoint Manager 7.2 High2025-01-14
CVE-2025-0459 RetroArch 代码问题漏洞 — RetroArch 5.3 Medium2025-01-14
CVE-2024-53866 pnpm 代码问题漏洞 — pnpm 9.8 -2024-12-10
CVE-2024-11454 Autodesk Revit 安全漏洞 — Revit 7.8 High2024-12-09
CVE-2023-1521 SUSE Linux Enterprise Server for SAP Applications 安全漏洞 — sccache 7.4 -2024-11-26
CVE-2024-49515 Adobe Substance 3D Painter 代码问题漏洞 — Substance3D - Painter 7.8 High2024-11-12
CVE-2024-36507 Fortinet FortiClientWindows 安全漏洞 — FortiClientWindows 6.7 High2024-11-12
CVE-2024-49043 Microsoft SQL Server 代码问题漏洞 — Microsoft SQL Server 2017 (GDR) 7.8 High2024-11-12
CVE-2024-7995 Autodesk VRED Design 安全漏洞 — VRED Design 7.8 High2024-11-05
CVE-2023-32266 OpenText Application Lifecycle Management 代码问题漏洞 — Application Lifecycle Management (ALM),Quality Center 7.3AIHighAI2024-10-16
CVE-2024-47422 Adobe Framemaker 代码问题漏洞 — Adobe Framemaker 7.8 High2024-10-09
CVE-2024-43616 Microsoft Office 代码问题漏洞 — Microsoft 365 Apps for Enterprise 7.8 High2024-10-08
CVE-2024-43576 Microsoft Office 代码问题漏洞 — Microsoft 365 Apps for Enterprise 7.8 High2024-10-08
CVE-2024-8733 HP One Agent Software 安全漏洞 — HP One Agent Software 8.0 High2024-10-02
CVE-2024-6769 Microsoft多款产品 安全漏洞 — Windows 10 6.7 Medium2024-09-26
CVE-2024-44103 Ivanti Workspace Control 安全漏洞 — Workspace Control 8.8 High2024-09-10
CVE-2024-45281 SAP BusinessObjects Business Intelligence Platform 代码问题漏洞 — SAP BusinessObjects Business Intelligence Platform 5.8 Medium2024-09-10
CVE-2024-6473 Yandex Browser 安全漏洞 — Browser 7.8AIHighAI2024-09-03
CVE-2024-38305 Dell SupportAssist for Home PCs 代码问题漏洞 — SupportAssist for Home PCs 7.3 High2024-08-21
CVE-2024-42439 Zoom Meeting SDK和Zoom Workplace 安全漏洞 — Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS 6.5 Medium2024-08-14
CVE-2024-41865 Adobe Dimension 代码问题漏洞 — Dimension 7.8 High2024-08-14
CVE-2024-6975 Cato Networks Windows SDP Client 安全漏洞 — SDP Client 8.8 High2024-07-31
CVE-2024-6974 Cato Networks Windows SDP Client 安全漏洞 — SDP Client 8.8 High2024-07-31
CVE-2024-34123 Adobe Premiere Pro 代码问题漏洞 — Premiere Pro 7.0 High2024-07-09
CVE-2024-35260 Microsoft Power Platform 安全漏洞 — Microsoft Power Platform 8.0 High2024-06-27
CVE-2024-30100 Microsoft SharePoint 代码问题漏洞 — Microsoft SharePoint Enterprise Server 2016 7.8 High2024-06-11
CVE-2024-28133 PHOENIX CONTACT CHARX SEC-3000 1.5.1及 代码问题漏洞 — CHARX SEC-3000 7.8 High2024-05-14
CVE-2024-32019 Netdata 安全漏洞 — netdata 8.8 High2024-04-12
CVE-2024-20693 Microsoft Windows Kernel 安全漏洞 — Windows 10 Version 1809 7.8 High2024-04-09
CVE-2024-20754 Adobe Lightroom Desktop 代码问题漏洞 — Lightroom Desktop 7.8 High2024-03-18

CWE-426(不可信的搜索路径) 是常见的弱点类别,本平台收录该类弱点关联的 204 条 CVE 漏洞。