CWE-538
AllowedInsertion of Sensitive Information into Externally-Accessible File or Directory
Abstraction: Base · Status: Draft
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
155 vulnerabilities reference this CWE, most recent first.
GHSA-FJQ3-H34R-Q4FP
Vulnerability from github – Published: 2026-05-05 12:31 – Updated: 2026-05-05 12:31WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
{
"affected": [],
"aliases": [
"CVE-2023-54346"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-05T12:16:17Z",
"severity": "HIGH"
},
"details": "WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.",
"id": "GHSA-fjq3-h34r-q4fp",
"modified": "2026-05-05T12:31:38Z",
"published": "2026-05-05T12:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54346"
},
{
"type": "WEB",
"url": "https://backupbliss.com"
},
{
"type": "WEB",
"url": "https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/51445"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/wordpress-plugin-backup-migration-unauthenticated-database-backup-download"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FQXH-XW44-6M6R
Vulnerability from github – Published: 2024-07-10 03:30 – Updated: 2024-07-10 03:30The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2023-7062"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-10T02:15:02Z",
"severity": "HIGH"
},
"details": "The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.",
"id": "GHSA-fqxh-xw44-6m6r",
"modified": "2024-07-10T03:30:35Z",
"published": "2024-07-10T03:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7062"
},
{
"type": "WEB",
"url": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV26-QM6R-MMQ5
Vulnerability from github – Published: 2025-01-08 21:32 – Updated: 2025-01-08 21:32An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.
{
"affected": [],
"aliases": [
"CVE-2025-0194"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-08T20:15:29Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.",
"id": "GHSA-fv26-qm6r-mmq5",
"modified": "2025-01-08T21:32:26Z",
"published": "2025-01-08T21:32:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0194"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/489459"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G2PQ-9JR7-W6GV
Vulnerability from github – Published: 2025-09-03 15:30 – Updated: 2025-11-05 20:42In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:git-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-58458"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-538"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-03T22:22:25Z",
"nvd_published_at": "2025-09-03T15:15:39Z",
"severity": "MODERATE"
},
"details": "In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.",
"id": "GHSA-g2pq-9jr7-w6gv",
"modified": "2025-11-05T20:42:59Z",
"published": "2025-09-03T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58458"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/git-client-plugin/commit/20090a86c3ebc72e5283c882de73e3a4459137bb"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/git-client-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/09/03/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Git client Plugin file system information disclosure vulnerability"
}
GHSA-GP6G-V2W2-6G56
Vulnerability from github – Published: 2023-09-05 15:30 – Updated: 2024-04-04 07:29Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.
{
"affected": [],
"aliases": [
"CVE-2023-4480"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T15:15:42Z",
"severity": "MODERATE"
},
"details": "\nDue to an out-of-date dependency in the \u201cFusion File Manager\u201d component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application\u2019s mime-type and file extension validation.\u00a0\n\n",
"id": "GHSA-gp6g-v2w2-6g56",
"modified": "2024-04-04T07:29:00Z",
"published": "2023-09-05T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4480"
},
{
"type": "WEB",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GR5R-WC3P-J783
Vulnerability from github – Published: 2025-08-20 12:31 – Updated: 2025-08-20 12:31In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
{
"affected": [],
"aliases": [
"CVE-2025-57734"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T10:15:31Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files",
"id": "GHSA-gr5r-wc3p-j783",
"modified": "2025-08-20T12:31:15Z",
"published": "2025-08-20T12:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57734"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GWVM-VRP4-4PP5
Vulnerability from github – Published: 2023-03-24 22:04 – Updated: 2023-03-24 22:04Impact
angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file).
With version 15 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html.
This has NO IMPACT, in a plain Angular project that has no backend component.
Patches
Vulnerability has been mitigated in 15.1.0, by adding an option searchPattern which restricts the detection file range by default.
# Update via npm
npm update angular-server-side-configuration
## Or more specific
npm install angular-server-side-configuration@15.1.0
# Update via pnpm
pnpm update angular-server-side-configuration
## Or more specific
pnpm add angular-server-side-configuration@15.1.0
# Update via yarn
yarn update angular-server-side-configuration
## Or more specific
yarn add angular-server-side-configuration@15.1.0
Workarounds
Manually edit or create ngssc.json or run a script after ngssc.json generation
References
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "angular-server-side-configuration"
},
"ranges": [
{
"events": [
{
"introduced": "15.0.0"
},
{
"fixed": "15.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28444"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-538"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-24T22:04:35Z",
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nangular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory.\nDuring deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file).\n\nWith version 15 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html.\n\nThis has NO IMPACT, in a plain Angular project that has no backend component.\n\n### Patches\nVulnerability has been mitigated in 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default.\n\n```bash\n# Update via npm\nnpm update angular-server-side-configuration\n## Or more specific\nnpm install angular-server-side-configuration@15.1.0\n\n# Update via pnpm\npnpm update angular-server-side-configuration\n## Or more specific\npnpm add angular-server-side-configuration@15.1.0\n\n# Update via yarn\nyarn update angular-server-side-configuration\n## Or more specific\nyarn add angular-server-side-configuration@15.1.0\n```\n\n### Workarounds\nManually edit or create ngssc.json or run a script after ngssc.json generation\n\n### References\n\n ",
"id": "GHSA-gwvm-vrp4-4pp5",
"modified": "2023-03-24T22:04:35Z",
"published": "2023-03-24T22:04:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28444"
},
{
"type": "WEB",
"url": "https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86"
},
{
"type": "PACKAGE",
"url": "https://github.com/kyubisation/angular-server-side-configuration"
},
{
"type": "WEB",
"url": "https://github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend"
}
GHSA-H26C-C6VW-JJJM
Vulnerability from github – Published: 2025-03-18 18:30 – Updated: 2025-03-19 21:30yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.
{
"affected": [],
"aliases": [
"CVE-2025-25586"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-18T16:15:27Z",
"severity": "MODERATE"
},
"details": "yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.",
"id": "GHSA-h26c-c6vw-jjjm",
"modified": "2025-03-19T21:30:52Z",
"published": "2025-03-18T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25586"
},
{
"type": "WEB",
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI7LR"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-H68H-QCXP-QV6V
Vulnerability from github – Published: 2026-03-12 18:30 – Updated: 2026-03-12 18:30A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
{
"affected": [],
"aliases": [
"CVE-2026-21672"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-12T17:16:35Z",
"severity": "HIGH"
},
"details": "A vulnerability allowing local privilege escalation on Windows-based Veeam Backup \u0026 Replication servers.",
"id": "GHSA-h68h-qcxp-qv6v",
"modified": "2026-03-12T18:30:31Z",
"published": "2026-03-12T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21672"
},
{
"type": "WEB",
"url": "https://www.veeam.com/kb4830"
},
{
"type": "WEB",
"url": "https://www.veeam.com/kb4831"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JWFG-733H-8PC5
Vulnerability from github – Published: 2024-05-15 18:30 – Updated: 2024-11-18 16:26On Windows systems, the Arc configuration files resulted to be world-readable.
This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.
{
"affected": [],
"aliases": [
"CVE-2023-5937"
],
"database_specific": {
"cwe_ids": [
"CWE-538",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-15T16:15:09Z",
"severity": "MODERATE"
},
"details": "On Windows systems, the Arc configuration files resulted to be world-readable.\n\n\n\nThis can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.",
"id": "GHSA-jwfg-733h-8pc5",
"modified": "2024-11-18T16:26:42Z",
"published": "2024-05-15T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5937"
},
{
"type": "WEB",
"url": "https://security.nozominetworks.com/NN-2023:15-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Do not expose file and directory information to the user.
CAPEC-95: WSDL Scanning
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.