CWE-459
AllowedIncomplete Cleanup
Abstraction: Base · Status: Draft
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
223 vulnerabilities reference this CWE, most recent first.
GHSA-62PR-MR57-M7XM
Vulnerability from github – Published: 2024-03-18 12:30 – Updated: 2024-10-31 18:31In the Linux kernel, the following vulnerability has been resolved:
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return.
At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer.
Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents.
Reproducible via the script at https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com
{
"affected": [],
"aliases": [
"CVE-2023-52617"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-18T11:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove\n\nA PCI device hot removal may occur while stdev-\u003ecdev is held open. The call\nto stdev_release() then happens during close or exit, at a point way past\nswitchtec_pci_remove(). Otherwise the last ref would vanish with the\ntrailing put_device(), just before return.\n\nAt that later point in time, the devm cleanup has already removed the\nstdev-\u003emmio_mrpc mapping. Also, the stdev-\u003epdev reference was not a counted\none. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause\na fatal page fault, and the subsequent dma_free_coherent(), if reached,\nwould pass a stale \u0026stdev-\u003epdev-\u003edev pointer.\n\nFix by moving MRPC DMA shutdown into switchtec_pci_remove(), after\nstdev_kill(). Counting the stdev-\u003epdev ref is now optional, but may prevent\nfuture accidents.\n\nReproducible via the script at\nhttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com",
"id": "GHSA-62pr-mr57-m7xm",
"modified": "2024-10-31T18:31:15Z",
"published": "2024-03-18T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52617"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-64CJ-W4V7-5F35
Vulnerability from github – Published: 2022-04-30 18:22 – Updated: 2024-02-08 21:30SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
{
"affected": [],
"aliases": [
"CVE-2002-2070"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.",
"id": "GHSA-64cj-w4v7-5f35",
"modified": "2024-02-08T21:30:30Z",
"published": "2022-04-30T18:22:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2070"
},
{
"type": "WEB",
"url": "http://www.ciac.org/ciac/bulletins/m-034.shtml"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/7953.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/251565"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/3912"
},
{
"type": "WEB",
"url": "http://www.seifried.org/security/advisories/kssa-003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6HQX-GR9H-Q72C
Vulnerability from github – Published: 2025-10-24 18:31 – Updated: 2025-10-24 21:31PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
{
"affected": [],
"aliases": [
"CVE-2025-60730"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-24T18:15:40Z",
"severity": "HIGH"
},
"details": "PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function",
"id": "GHSA-6hqx-gr9h-q72c",
"modified": "2025-10-24T21:31:11Z",
"published": "2025-10-24T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60730"
},
{
"type": "WEB",
"url": "https://github.com/dengxmenglihua/cve/blob/main/PerfreeBlog/File%20Deletion/Arbitrary%20File%20Deletion%20Vulnerability%20in%20PerfreeBlog%20System.md"
},
{
"type": "WEB",
"url": "https://perfree.org.cn"
},
{
"type": "WEB",
"url": "http://perfreeblog.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6MRW-WXGJ-Q727
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2025-05-05 18:32Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-26074"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T20:15:00Z",
"severity": "MODERATE"
},
"details": "Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.",
"id": "GHSA-6mrw-wxgj-q727",
"modified": "2025-05-05T18:32:20Z",
"published": "2022-08-19T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26074"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220930-0003"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00669.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q72-3GW7-Q23C
Vulnerability from github – Published: 2025-07-05 00:30 – Updated: 2025-07-05 00:30Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.
{
"affected": [],
"aliases": [
"CVE-2025-43711"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-05T00:15:23Z",
"severity": "HIGH"
},
"details": "Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.",
"id": "GHSA-6q72-3gw7-q23c",
"modified": "2025-07-05T00:30:23Z",
"published": "2025-07-05T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43711"
},
{
"type": "WEB",
"url": "https://tunnelblick.net/cCVE-2025-43711.html"
},
{
"type": "WEB",
"url": "https://tunnelblick.net/downloads.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6QG5-VF7X-4FM3
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-10-25 19:00The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
{
"affected": [],
"aliases": [
"CVE-2021-39327"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-17T11:15:00Z",
"severity": "MODERATE"
},
"details": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.",
"id": "GHSA-6qg5-vf7x-4fm3",
"modified": "2022-10-25T19:00:22Z",
"published": "2022-05-24T19:14:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39327"
},
{
"type": "WEB",
"url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/50382"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6V3C-8PW3-VQQP
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:46Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.
{
"affected": [],
"aliases": [
"CVE-2019-13014"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system\u0027s copy during the upgrade.",
"id": "GHSA-6v3c-8pw3-vqqp",
"modified": "2024-04-04T01:46:42Z",
"published": "2022-05-24T16:54:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13014"
},
{
"type": "WEB",
"url": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-729Q-FCGP-R5XH
Vulnerability from github – Published: 2023-12-05 09:33 – Updated: 2025-11-04 22:10When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.2.0"
},
{
"fixed": "6.3.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-41835"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-05T23:34:18Z",
"nvd_published_at": "2023-12-05T09:15:07Z",
"severity": "HIGH"
},
"details": "When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir\u00a0even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.",
"id": "GHSA-729q-fcgp-r5xh",
"modified": "2025-11-04T22:10:45Z",
"published": "2023-12-05T09:33:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41835"
},
{
"type": "WEB",
"url": "https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a"
},
{
"type": "WEB",
"url": "https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7"
},
{
"type": "WEB",
"url": "https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/struts"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231013-0001"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/12/09/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/12/09/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability"
}
GHSA-77G3-3J5W-64W4
Vulnerability from github – Published: 2021-04-07 20:36 – Updated: 2024-09-06 20:16A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0a1"
},
{
"fixed": "2.7.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0a1"
},
{
"fixed": "2.8.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0a1"
},
{
"fixed": "2.9.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-10685"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-459",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-05T14:11:30Z",
"nvd_published_at": "2020-05-11T14:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
"id": "GHSA-77g3-3j5w-64w4",
"modified": "2024-09-06T20:16:43Z",
"published": "2021-04-07T20:36:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/pull/68433"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/4e1fe80e681fa466626e9dea53efe6b0253ea1b2"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/51d2514753544a9d58cd7524e27e696b2c944fb5"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/e1273b6faf036ed84e4f4edee85b888a4e256aee"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-77g3-3j5w-64w4"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-1.yaml"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-11"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible"
}
GHSA-7C3R-4J4X-4RJJ
Vulnerability from github – Published: 2024-09-04 03:30 – Updated: 2024-09-04 03:30Vulnerability of resources not being closed or released in the keystore module Impact: Successful exploitation of this vulnerability will affect availability.
{
"affected": [],
"aliases": [
"CVE-2024-45445"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-04T03:15:03Z",
"severity": "MODERATE"
},
"details": "Vulnerability of resources not being closed or released in the keystore module\nImpact: Successful exploitation of this vulnerability will affect availability.",
"id": "GHSA-7c3r-4j4x-4rjj",
"modified": "2024-09-04T03:30:45Z",
"published": "2024-09-04T03:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45445"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2024/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
No CAPEC attack patterns related to this CWE.