CVE-2022-38699

Name of the Vulnerable Software and Affected Versions Armoury Crate Service (affected versions not specified)

Description The issue concerns Armoury Crate Service's logging function, which lacks sufficient validation to check if the log file is a symbolic link. This allows a physical attacker with general user privilege to modify the log file property to a symbolic link, pointing to an arbitrary system file. As a result, the logging function can overwrite the system file, disrupting the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.