Common Weakness Enumeration

CWE-459

Allowed

Incomplete Cleanup

Abstraction: Base · Status: Draft

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

223 vulnerabilities reference this CWE, most recent first.

GHSA-62PR-MR57-M7XM

Vulnerability from github – Published: 2024-03-18 12:30 – Updated: 2024-10-31 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: switchtec: Fix stdev_release() crash after surprise hot remove

A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return.

At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer.

Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents.

Reproducible via the script at https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove\n\nA PCI device hot removal may occur while stdev-\u003ecdev is held open. The call\nto stdev_release() then happens during close or exit, at a point way past\nswitchtec_pci_remove(). Otherwise the last ref would vanish with the\ntrailing put_device(), just before return.\n\nAt that later point in time, the devm cleanup has already removed the\nstdev-\u003emmio_mrpc mapping. Also, the stdev-\u003epdev reference was not a counted\none. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause\na fatal page fault, and the subsequent dma_free_coherent(), if reached,\nwould pass a stale \u0026stdev-\u003epdev-\u003edev pointer.\n\nFix by moving MRPC DMA shutdown into switchtec_pci_remove(), after\nstdev_kill(). Counting the stdev-\u003epdev ref is now optional, but may prevent\nfuture accidents.\n\nReproducible via the script at\nhttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com",
  "id": "GHSA-62pr-mr57-m7xm",
  "modified": "2024-10-31T18:31:15Z",
  "published": "2024-03-18T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52617"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-64CJ-W4V7-5F35

Vulnerability from github – Published: 2022-04-30 18:22 – Updated: 2024-02-08 21:30
VLAI
Details

SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2002-2070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.",
  "id": "GHSA-64cj-w4v7-5f35",
  "modified": "2024-02-08T21:30:30Z",
  "published": "2022-04-30T18:22:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2070"
    },
    {
      "type": "WEB",
      "url": "http://www.ciac.org/ciac/bulletins/m-034.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/7953.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/251565"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/3912"
    },
    {
      "type": "WEB",
      "url": "http://www.seifried.org/security/advisories/kssa-003.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HQX-GR9H-Q72C

Vulnerability from github – Published: 2025-10-24 18:31 – Updated: 2025-10-24 21:31
VLAI
Details

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60730"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-24T18:15:40Z",
    "severity": "HIGH"
  },
  "details": "PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function",
  "id": "GHSA-6hqx-gr9h-q72c",
  "modified": "2025-10-24T21:31:11Z",
  "published": "2025-10-24T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60730"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dengxmenglihua/cve/blob/main/PerfreeBlog/File%20Deletion/Arbitrary%20File%20Deletion%20Vulnerability%20in%20PerfreeBlog%20System.md"
    },
    {
      "type": "WEB",
      "url": "https://perfree.org.cn"
    },
    {
      "type": "WEB",
      "url": "http://perfreeblog.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6MRW-WXGJ-Q727

Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2025-05-05 18:32
VLAI
Details

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-18T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.",
  "id": "GHSA-6mrw-wxgj-q727",
  "modified": "2025-05-05T18:32:20Z",
  "published": "2022-08-19T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26074"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220930-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00669.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q72-3GW7-Q23C

Vulnerability from github – Published: 2025-07-05 00:30 – Updated: 2025-07-05 00:30
VLAI
Details

Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43711"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-05T00:15:23Z",
    "severity": "HIGH"
  },
  "details": "Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.",
  "id": "GHSA-6q72-3gw7-q23c",
  "modified": "2025-07-05T00:30:23Z",
  "published": "2025-07-05T00:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43711"
    },
    {
      "type": "WEB",
      "url": "https://tunnelblick.net/cCVE-2025-43711.html"
    },
    {
      "type": "WEB",
      "url": "https://tunnelblick.net/downloads.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QG5-VF7X-4FM3

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-10-25 19:00
VLAI
Details

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-17T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.",
  "id": "GHSA-6qg5-vf7x-4fm3",
  "modified": "2022-10-25T19:00:22Z",
  "published": "2022-05-24T19:14:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39327"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/50382"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6V3C-8PW3-VQQP

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:46
VLAI
Details

Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-23T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system\u0027s copy during the upgrade.",
  "id": "GHSA-6v3c-8pw3-vqqp",
  "modified": "2024-04-04T01:46:42Z",
  "published": "2022-05-24T16:54:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13014"
    },
    {
      "type": "WEB",
      "url": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-729Q-FCGP-R5XH

Vulnerability from github – Published: 2023-12-05 09:33 – Updated: 2025-11-04 22:10
VLAI
Summary
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Details

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-05T23:34:18Z",
    "nvd_published_at": "2023-12-05T09:15:07Z",
    "severity": "HIGH"
  },
  "details": "When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir\u00a0even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.",
  "id": "GHSA-729q-fcgp-r5xh",
  "modified": "2025-11-04T22:10:45Z",
  "published": "2023-12-05T09:33:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41835"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231013-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/12/09/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/09/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability"
}

GHSA-77G3-3J5W-64W4

Vulnerability from github – Published: 2021-04-07 20:36 – Updated: 2024-09-06 20:16
VLAI
Summary
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Details

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0a1"
            },
            {
              "fixed": "2.7.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0a1"
            },
            {
              "fixed": "2.8.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0a1"
            },
            {
              "fixed": "2.9.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-10685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377",
      "CWE-459",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-05T14:11:30Z",
    "nvd_published_at": "2020-05-11T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
  "id": "GHSA-77g3-3j5w-64w4",
  "modified": "2024-09-06T20:16:43Z",
  "published": "2021-04-07T20:36:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/pull/68433"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/commit/4e1fe80e681fa466626e9dea53efe6b0253ea1b2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/commit/51d2514753544a9d58cd7524e27e696b2c944fb5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible/commit/e1273b6faf036ed84e4f4edee85b888a4e256aee"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-77g3-3j5w-64w4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ansible/ansible"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-1.yaml"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202006-11"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4950"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible"
}

GHSA-7C3R-4J4X-4RJJ

Vulnerability from github – Published: 2024-09-04 03:30 – Updated: 2024-09-04 03:30
VLAI
Details

Vulnerability of resources not being closed or released in the keystore module Impact: Successful exploitation of this vulnerability will affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T03:15:03Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability of resources not being closed or released in the keystore module\nImpact: Successful exploitation of this vulnerability will affect availability.",
  "id": "GHSA-7c3r-4j4x-4rjj",
  "modified": "2024-09-04T03:30:45Z",
  "published": "2024-09-04T03:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45445"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.

No CAPEC attack patterns related to this CWE.