Vuln ID: CVE-2022-38699
Published: 2022-09-28 04:15:13Z
Description: Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
Source: NVD.NIST.GOV