Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

CVE-2023-4550 (GCVE-0-2023-4550)

Vulnerability from cvelistv5 – Published: 2024-01-29 20:56 – Updated: 2024-11-12 21:30
VLAI
Title
Unauthenticated Arbitrary File Read
Summary
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Vendor Product Version
OpenText AppBuilder Unaffected: 23.2
Affected: 21.2 , < 23.2 (custom)
Create a notification for this product.
Credits
George Mathias
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.opentext.com/csm?id=ot_kb_search\u0026kb_category=61648712db61781068cfd6c4e296197b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4550",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-01T16:47:52.785921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T21:30:04.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "AppBuilder",
          "vendor": "OpenText",
          "versions": [
            {
              "status": "unaffected",
              "version": "23.2"
            },
            {
              "lessThan": "23.2",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "George Mathias"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eImproper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\u003c/div\u003e\u003cdiv\u003eAn unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. \u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects AppBuilder: from 21.2 before 23.2.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. \n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-639",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-639 Probe System Files"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-29T20:56:09.908Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://support.opentext.com/csm?id=ot_kb_search\u0026kb_category=61648712db61781068cfd6c4e296197b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated Arbitrary File Read",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2023-4550",
    "datePublished": "2024-01-29T20:56:09.908Z",
    "dateReserved": "2023-08-25T16:54:44.535Z",
    "dateUpdated": "2024-11-12T21:30:04.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4475 (GCVE-0-2023-4475)

Vulnerability from cvelistv5 – Published: 2023-08-22 09:02 – Updated: 2024-10-02 20:02
VLAI
Title
An Arbitrary File Movement vulnerability was found on the ADM
Summary
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
ASUSTOR ADM Affected: 4.0 , ≤ 4.0.6.RIS1 (custom)
Affected: 4.1 , ≤ 4.1.0.RLQ1 (custom)
Affected: 4.2 , ≤ 4.2.2.RI61 (custom)
Create a notification for this product.
Date Public
2023-08-30 07:15
Credits
Stéphane Chauveau (stephane@chauveau-central.net)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:05.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.asustor.com/security/security_advisory_detail?id=30"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T20:00:13.355436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T20:02:50.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "File Explorer",
          "platforms": [
            "Linux",
            "x86",
            "ARM",
            "64 bit"
          ],
          "product": "ADM",
          "vendor": "ASUSTOR",
          "versions": [
            {
              "lessThanOrEqual": "4.0.6.RIS1",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.1.0.RLQ1",
              "status": "affected",
              "version": "4.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.2.2.RI61",
              "status": "affected",
              "version": "4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "St\u00e9phane Chauveau (stephane@chauveau-central.net)"
        }
      ],
      "datePublic": "2023-08-30T07:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.\u003cbr\u003e"
            }
          ],
          "value": "An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-22T09:02:30.376Z",
        "orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
        "shortName": "ASUSTOR1"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.asustor.com/security/security_advisory_detail?id=30"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "An Arbitrary File Movement vulnerability was found on the ADM",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
    "assignerShortName": "ASUSTOR1",
    "cveId": "CVE-2023-4475",
    "datePublished": "2023-08-22T09:02:30.376Z",
    "dateReserved": "2023-08-22T07:08:47.286Z",
    "dateUpdated": "2024-10-02T20:02:50.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3712 (GCVE-0-2023-3712)

Vulnerability from cvelistv5 – Published: 2023-09-12 19:59 – Updated: 2025-09-12 19:33
VLAI
Title
Potential user privilege escalation
Summary
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Vendor Product Version
Honeywell PM23/43 Affected: 0 , < P10.19.050004 (semver)
Create a notification for this product.
Honeywell PC23/43, PD43 Affected: 0 , < K10.19.050004 (semver)
Create a notification for this product.
Honeywell PM42 Affected: 0 , < T10.19.050004 (semver)
Create a notification for this product.
Honeywell PM42 Affected: 0 , < L10.19.050004 (semver)
Create a notification for this product.
Honeywell PX4ie/6ie Affected: 0 , < A10.19.050004 (semver)
Create a notification for this product.
Honeywell PX45/65 Affected: 0 , < B10.19.050004 (semver)
Create a notification for this product.
Honeywell PD45, PX240 Affected: 0 , < F10.19.050004 (semver)
Create a notification for this product.
Honeywell PX940 Affected: 0 , < H10.19.050004 (semver)
Create a notification for this product.
Honeywell PM45 Affected: 0 , < J10.19.050004 (semver)
Create a notification for this product.
Honeywell RP2f/RP4f Affected: 0 , < M10.19.050006 (semver)
Create a notification for this product.
Credits
Jinqi Lai (Independent Security Researcher)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.honeywell.com/us/en/product-security"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3712",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T14:54:07.219279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T15:19:21.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Printer web page"
          ],
          "platforms": [
            "32 bit"
          ],
          "product": "PM23/43",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "P10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PC23/43, PD43",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "K10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PM42",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "T10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PM42",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "L10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PX4ie/6ie",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "A10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PX45/65",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "B10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PD45, PX240",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "F10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PX940",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "H10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "PM45",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "J10.19.050004",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "32 bit"
          ],
          "product": "RP2f/RP4f",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThan": "M10.19.050006",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jinqi Lai (Independent Security Researcher)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
            }
          ],
          "value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-12T19:33:38.362Z",
        "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "shortName": "Honeywell"
      },
      "references": [
        {
          "url": "https://www.honeywell.com/us/en/product-security"
        },
        {
          "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
        },
        {
          "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Potential user privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
    "assignerShortName": "Honeywell",
    "cveId": "CVE-2023-3712",
    "datePublished": "2023-09-12T19:59:00.396Z",
    "dateReserved": "2023-07-17T13:59:27.158Z",
    "dateUpdated": "2025-09-12T19:33:38.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2766 (GCVE-0-2023-2766)

Vulnerability from cvelistv5 – Published: 2023-05-17 16:31 – Updated: 2024-08-02 06:33
VLAI
Title
Weaver OA jx2_config.ini file access
Summary
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-552 - Files or Directories Accessible
Assigner
References
Impacted products
Vendor Product Version
Weaver OA Affected: 9.5
Create a notification for this product.
Credits
1056600829 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.229271"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.229271"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/8079048q/cve/blob/main/weaveroa.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OA",
          "vendor": "Weaver",
          "versions": [
            {
              "status": "affected",
              "version": "9.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "1056600829 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in Weaver OA 9.5 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. Durch das Beeinflussen mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-23T06:28:15.429Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.229271"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.229271"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/8079048q/cve/blob/main/weaveroa.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-05-17T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-05-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-06-10T11:00:36.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Weaver OA jx2_config.ini file access"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-2766",
    "datePublished": "2023-05-17T16:31:04.349Z",
    "dateReserved": "2023-05-17T16:05:03.207Z",
    "dateUpdated": "2024-08-02T06:33:05.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2538 (GCVE-0-2023-2538)

Vulnerability from cvelistv5 – Published: 2023-07-05 12:11 – Updated: 2024-10-24 19:21
VLAI
Title
TLS Private Key Accessible to External Parties
Summary
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Vendor Product Version
tyan s5552_bmc Affected: 3.00
Create a notification for this product.
Credits
Andrea Palanca of Nozomi Networks found this bug during a security research activity.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T19:19:46.830331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T19:21:16.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "s5552_bmc",
          "vendor": "tyan",
          "versions": [
            {
              "status": "affected",
              "version": "3.00"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A CWE-552 \"Files or Directories Accessible to External Parties\u201d in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS."
            }
          ],
          "value": "A CWE-552 \"Files or Directories Accessible to External Parties\u201d in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Man in the Middle Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-30T14:12:35.425Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "TLS Private Key Accessible to External Parties",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2023-2538",
    "datePublished": "2023-07-05T12:11:53.397Z",
    "dateReserved": "2023-05-05T07:00:43.400Z",
    "dateUpdated": "2024-10-24T19:21:16.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1246 (GCVE-0-2023-1246)

Vulnerability from cvelistv5 – Published: 2023-03-10 10:58 – Updated: 2026-06-01 11:17
VLAI
Title
Files or Directories Accessible to External Parties in Saysis Starcities
Summary
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations. This issue affects Starcities: through 1.3.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
Saysis Starcities Affected: 0 , ≤ 1.3 (custom)
Create a notification for this product.
Date Public
2023-03-10 11:00
Credits
Ufukcan DAL
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:59.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.usom.gov.tr/bildirim/tr-23-0140"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T19:20:08.486470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T19:20:18.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Starcities",
          "vendor": "Saysis",
          "versions": [
            {
              "lessThanOrEqual": "1.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ufukcan DAL"
        }
      ],
      "datePublic": "2023-03-10T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Starcities: through 1.3.\u003c/p\u003e"
            }
          ],
          "value": "Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.\n\nThis issue affects Starcities: through 1.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-150",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-150 Collect Data from Common Resource Locations"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T11:17:29.799Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-23-0140"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0140"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the software version to \u0026gt;=1.3"
            }
          ],
          "value": "Update the software version to \u003e=1.3"
        }
      ],
      "source": {
        "advisory": "TR-23-0140",
        "defect": [
          "TR-23-0140"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Files or Directories Accessible to External Parties in Saysis Starcities",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2023-1246",
    "datePublished": "2023-03-10T10:58:45.107Z",
    "dateReserved": "2023-03-07T06:57:44.082Z",
    "dateUpdated": "2026-06-01T11:17:29.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-45052 (GCVE-0-2022-45052)

Vulnerability from cvelistv5 – Published: 2023-01-04 18:11 – Updated: 2025-03-11 13:41
VLAI
Title
Local File Inclusion in Axiell Iguana CMS
Summary
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
URL Tags
https://csirt.divd.nl/CVE-2022-45052/ third-party-advisory
https://csirt.divd.nl/DIVD-2022-00064/ third-party-advisory
Impacted products
Vendor Product Version
Axiell Iguana Affected: < 4.5.02
Create a notification for this product.
Credits
Amr Al Hallak Frank Breedijk (DIVD) Max van der Horst (DIVD)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://csirt.divd.nl/CVE-2022-45052/"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://csirt.divd.nl/DIVD-2022-00064/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "Iguana",
          "vendor": "Axiell",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.5.02"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Amr Al Hallak"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Frank Breedijk (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Max van der Horst (DIVD)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server."
            }
          ],
          "value": "A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T13:41:05.512Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2022-45052/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/DIVD-2022-00064/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of Iguana CMS."
            }
          ],
          "value": "Upgrade to the latest version of Iguana CMS."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Local File Inclusion in Axiell Iguana CMS",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2022-45052",
    "datePublished": "2023-01-04T18:11:20.473Z",
    "dateReserved": "2022-11-08T14:17:26.668Z",
    "dateUpdated": "2025-03-11T13:41:05.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39208 (GCVE-0-2022-39208)

Vulnerability from cvelistv5 – Published: 2022-09-13 18:42 – Updated: 2025-04-22 17:22
VLAI
Title
Git Repository Disclosure in Onedev
Summary
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. This issue has been resolved in version 7.3.0 and users are advised to upgrade. There are no known workarounds for this issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Vendor Product Version
theonedev onedev Affected: < 7.3.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:42.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/theonedev/onedev/security/advisories/GHSA-h427-rv56-c9h2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/theonedev/onedev/commit/8aa94e0daf8447cdf76d4f27bfda0a85a7ea5822"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.sonarsource.com/onedev-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39208",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:39:35.406496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T17:22:06.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "onedev",
          "vendor": "theonedev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. This issue has been resolved in version 7.3.0 and users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552: Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-23T12:19:40.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/theonedev/onedev/security/advisories/GHSA-h427-rv56-c9h2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/theonedev/onedev/commit/8aa94e0daf8447cdf76d4f27bfda0a85a7ea5822"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.sonarsource.com/onedev-remote-code-execution/"
        }
      ],
      "source": {
        "advisory": "GHSA-h427-rv56-c9h2",
        "discovery": "UNKNOWN"
      },
      "title": "Git Repository Disclosure in Onedev",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-39208",
          "STATE": "PUBLIC",
          "TITLE": "Git Repository Disclosure in Onedev"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "onedev",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 7.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "theonedev"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. This issue has been resolved in version 7.3.0 and users are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552: Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/theonedev/onedev/security/advisories/GHSA-h427-rv56-c9h2",
              "refsource": "CONFIRM",
              "url": "https://github.com/theonedev/onedev/security/advisories/GHSA-h427-rv56-c9h2"
            },
            {
              "name": "https://github.com/theonedev/onedev/commit/8aa94e0daf8447cdf76d4f27bfda0a85a7ea5822",
              "refsource": "MISC",
              "url": "https://github.com/theonedev/onedev/commit/8aa94e0daf8447cdf76d4f27bfda0a85a7ea5822"
            },
            {
              "name": "https://blog.sonarsource.com/onedev-remote-code-execution/",
              "refsource": "MISC",
              "url": "https://blog.sonarsource.com/onedev-remote-code-execution/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-h427-rv56-c9h2",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39208",
    "datePublished": "2022-09-13T18:42:28.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-22T17:22:06.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34464 (GCVE-0-2022-34464)

Vulnerability from cvelistv5 – Published: 2022-07-12 10:07 – Updated: 2025-11-12 07:21
VLAI
Summary
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file.
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Vendor Product Version
Siemens SICAM GridEdge (Classic) Affected: 0 , < V2.7.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:15:15.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SICAM GridEdge (Classic)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SICAM GridEdge (Classic) (All versions \u003c V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552: Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-12T07:21:34.158Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-225578.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-34464",
    "datePublished": "2022-07-12T10:07:19.000Z",
    "dateReserved": "2022-06-24T00:00:00.000Z",
    "dateUpdated": "2025-11-12T07:21:34.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-32143 (GCVE-0-2022-32143)

Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 17:28
VLAI
Title
CODESYS runtime system prone to directory acces
Summary
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
CODESYS Runtime Toolkit Affected: V2 , < V2.4.7.57 (custom)
Create a notification for this product.
CODESYS PLCWinNT Affected: V2 , < V2.4.7.57 (custom)
Create a notification for this product.
Date Public
2022-06-15 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32 bit"
          ],
          "product": "Runtime Toolkit",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.4.7.57",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PLCWinNT",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.4.7.57",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T07:46:30.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CODESYS runtime system prone to directory acces",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-06-15T08:12:00.000Z",
          "ID": "CVE-2022-32143",
          "STATE": "PUBLIC",
          "TITLE": "CODESYS runtime system prone to directory acces"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Runtime Toolkit",
                      "version": {
                        "version_data": [
                          {
                            "platform": "32 bit",
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.4.7.57"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PLCWinNT",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.4.7.57"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CODESYS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552 Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=",
              "refsource": "CONFIRM",
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-32143",
    "datePublished": "2022-06-24T07:46:30.133Z",
    "dateReserved": "2022-05-31T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:28:17.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.