Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-5RQP-847G-V4F2

Vulnerability from github – Published: 2022-12-12 03:31 – Updated: 2025-04-23 15:30
VLAI
Details

The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-12T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.",
  "id": "GHSA-5rqp-847g-v4f2",
  "modified": "2025-04-23T15:30:41Z",
  "published": "2022-12-12T03:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45227"
    },
    {
      "type": "WEB",
      "url": "https://sectrio.com/vulnerability-research/cve-2022-45227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5V46-5C9P-J4MG

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-19T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.",
  "id": "GHSA-5v46-5c9p-j4mg",
  "modified": "2022-05-13T01:34:56Z",
  "published": "2022-05-13T01:34:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10869"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2373"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2018-10869"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593780"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105061"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5VM6-MM87-JJV8

Vulnerability from github – Published: 2022-08-02 00:00 – Updated: 2022-08-05 00:00
VLAI
Details

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-01T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.",
  "id": "GHSA-5vm6-mm87-jjv8",
  "modified": "2022-08-05T00:00:24Z",
  "published": "2022-08-02T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1585"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W78-C46H-GQXQ

Vulnerability from github – Published: 2023-01-23 15:30 – Updated: 2023-01-30 18:30
VLAI
Details

The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-23T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.",
  "id": "GHSA-5w78-c46h-gqxq",
  "modified": "2023-01-30T18:30:22Z",
  "published": "2023-01-23T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4346"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/cc05f760-983d-4dc1-afbb-6b4965aa8abe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-64GV-3PQV-299H

Vulnerability from github – Published: 2021-05-07 15:54 – Updated: 2021-05-05 22:31
VLAI
Summary
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
Details

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M1"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M1"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M2"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M2"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M3"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M3"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M4"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M4"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.wicket:wicket-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M5"
            },
            {
              "fixed": "9.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.0-M5"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-11976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-05T22:31:00Z",
    "nvd_published_at": "2020-08-11T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5",
  "id": "GHSA-64gv-3pqv-299h",
  "modified": "2021-05-05T22:31:00Z",
  "published": "2021-05-07T15:54:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11976"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7@%3Ccommits.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923@%3Cdev.directory.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1@%3Cdev.directory.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket"
}

GHSA-66RX-339R-MM8J

Vulnerability from github – Published: 2023-02-06 15:30 – Updated: 2023-02-15 00:30
VLAI
Details

CRMEB 4.4.4 is vulnerable to Any File download.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-44343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-06T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "CRMEB 4.4.4 is vulnerable to Any File download.",
  "id": "GHSA-66rx-339r-mm8j",
  "modified": "2023-02-15T00:30:39Z",
  "published": "2023-02-06T15:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44343"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Nmslgkd/442d8055914887d7c99c4e70a63da4c2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crmeb/CRMEB"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-66VJ-P7RX-6JRR

Vulnerability from github – Published: 2022-01-19 00:00 – Updated: 2022-01-26 00:03
VLAI
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-18T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.",
  "id": "GHSA-66vj-p7rx-6jrr",
  "modified": "2022-01-26T00:03:10Z",
  "published": "2022-01-19T00:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0244"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1439593"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0244.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/349524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6769-R74J-4RX4

Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2024-11-07 12:30
VLAI
Details

Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.  This issue is fixed in version 0.73.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-07T11:15:03Z",
    "severity": "HIGH"
  },
  "details": "Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor\u0027s files. By modifying Velociraptor\u0027s files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.\u00a0 This issue is fixed in version 0.73.3.",
  "id": "GHSA-6769-r74j-4rx4",
  "modified": "2024-11-07T12:30:35Z",
  "published": "2024-11-07T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10526"
    },
    {
      "type": "WEB",
      "url": "https://docs.velociraptor.app/announcements/2024-cves"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-67Q5-5XJ6-VP4M

Vulnerability from github – Published: 2023-01-04 21:30 – Updated: 2024-10-16 12:30
VLAI
Details

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-04T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server.",
  "id": "GHSA-67q5-5xj6-vp4m",
  "modified": "2024-10-16T12:30:47Z",
  "published": "2023-01-04T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45052"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/CVE-2022-45052"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/DIVD-2022-00064"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67QR-87V5-R3G3

Vulnerability from github – Published: 2025-02-12 18:31 – Updated: 2025-02-19 21:31
VLAI
Details

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11629"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T17:15:22Z",
    "severity": "HIGH"
  },
  "details": "In Progress\u00ae Telerik\u00ae Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.",
  "id": "GHSA-67qr-87v5-r3g3",
  "modified": "2025-02-19T21:31:36Z",
  "published": "2025-02-12T18:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11629"
    },
    {
      "type": "WEB",
      "url": "https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.