CVE-2018-1196: Symlink privilege escalation attack via Spring Boot launch script

March 19, 2018 (updated April 20, 2018)

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot is susceptible to a symlink attack which allows the run_user to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the run_user requires shell access to the server.

References

pivotal.io/security/cve-2018-1196

Detect and mitigate CVE-2018-1196 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →