Common Weakness Enumeration

CWE-538

Allowed

Insertion of Sensitive Information into Externally-Accessible File or Directory

Abstraction: Base · Status: Draft

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

155 vulnerabilities reference this CWE, most recent first.

GHSA-2JXW-Q5G8-C3HF

Vulnerability from github – Published: 2025-04-03 15:31 – Updated: 2026-04-01 18:34
VLAI
Details

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data. This issue affects TailPress: from n/a through 0.4.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31558"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-03T14:15:37Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data. This issue affects TailPress: from n/a through 0.4.4.",
  "id": "GHSA-2jxw-q5g8-c3hf",
  "modified": "2026-04-01T18:34:27Z",
  "published": "2025-04-03T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31558"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/tailpress/vulnerability/wordpress-tailpress-plugin-0-4-4-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MGR-RF47-4329

Vulnerability from github – Published: 2024-12-10 03:31 – Updated: 2024-12-10 03:31
VLAI
Details

An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47579"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-10T01:15:05Z",
    "severity": "MODERATE"
  },
  "details": "An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server.  Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability",
  "id": "GHSA-2mgr-rf47-4329",
  "modified": "2024-12-10T03:31:45Z",
  "published": "2024-12-10T03:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47579"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3536965"
    },
    {
      "type": "WEB",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MVV-V998-H3GJ

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T15:16:18Z",
    "severity": "LOW"
  },
  "details": "HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.",
  "id": "GHSA-2mvv-v998-h3gj",
  "modified": "2026-03-16T15:30:46Z",
  "published": "2026-03-16T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52642"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2P67-36H6-33V6

Vulnerability from github – Published: 2023-11-23 15:30 – Updated: 2023-11-23 15:30
VLAI
Details

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-23T13:15:12Z",
    "severity": "HIGH"
  },
  "details": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.",
  "id": "GHSA-2p67-36h6-33v6",
  "modified": "2023-11-23T15:30:26Z",
  "published": "2023-11-23T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4595"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2VVX-5G27-9GVJ

Vulnerability from github – Published: 2023-10-16 21:30 – Updated: 2024-04-04 08:42
VLAI
Details

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-16T20:15:17Z",
    "severity": "HIGH"
  },
  "details": "The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.",
  "id": "GHSA-2vvx-5g27-9gvj",
  "modified": "2024-04-04T08:42:00Z",
  "published": "2023-10-16T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5003"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35GQ-CVRM-XF94

Vulnerability from github – Published: 2025-03-12 18:32 – Updated: 2025-07-16 21:02
VLAI
Summary
Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record
Details

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.nifi:nifi-mongodb-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "2.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-12T22:08:29Z",
    "nvd_published_at": "2025-03-12T17:15:50Z",
    "severity": "MODERATE"
  },
  "details": "Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.",
  "id": "GHSA-35gq-cvrm-xf94",
  "modified": "2025-07-16T21:02:25Z",
  "published": "2025-03-12T18:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27017"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/nifi/commit/48d684500f6ad70f65bfd510db054590c5bc74a9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/nifi"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/NIFI-14272"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/11/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:L/U:Green",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record"
}

GHSA-495G-CJ2M-HR56

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-09-21 00:00
VLAI
Details

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-08T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.",
  "id": "GHSA-495g-cj2m-hr56",
  "modified": "2022-09-21T00:00:43Z",
  "published": "2022-05-24T17:46:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1406"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-524W-VQ63-2XHF

Vulnerability from github – Published: 2026-05-19 21:32 – Updated: 2026-06-05 16:37
VLAI
Summary
Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Details

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow-providers-cncf-kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-05T16:37:13Z",
    "nvd_published_at": "2026-05-19T20:16:17Z",
    "severity": "HIGH"
  },
  "details": "JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.",
  "id": "GHSA-524w-vq63-2xhf",
  "modified": "2026-06-05T16:37:13Z",
  "published": "2026-05-19T21:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/60108"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/pk3m2z4s2rkmc0v6gh9hnch9spc6stqw"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/19/35"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments"
}

GHSA-52HF-PCF2-JRQX

Vulnerability from github – Published: 2025-05-05 03:30 – Updated: 2025-05-06 15:31
VLAI
Details

In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20665"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-05T03:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.",
  "id": "GHSA-52hf-pcf2-jrqx",
  "modified": "2025-05-06T15:31:02Z",
  "published": "2025-05-05T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20665"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/May-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-596F-F6G3-VVMJ

Vulnerability from github – Published: 2026-03-19 03:30 – Updated: 2026-03-19 03:30
VLAI
Details

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-19T03:16:01Z",
    "severity": "MODERATE"
  },
  "details": "IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user.",
  "id": "GHSA-596f-f6g3-vvmj",
  "modified": "2026-03-19T03:30:57Z",
  "published": "2026-03-19T03:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36051"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7266709"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Operation System Configuration

Do not expose file and directory information to the user.

CAPEC-95: WSDL Scanning

This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.