Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-CFC9-XJPJ-J334

Vulnerability from github – Published: 2024-06-02 12:30 – Updated: 2024-06-02 12:30
VLAI
Details

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-02T10:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-cfc9-xjpj-j334",
  "modified": "2024-06-02T12:30:51Z",
  "published": "2024-06-02T12:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5587"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.266838"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.266838"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.343357"
    },
    {
      "type": "WEB",
      "url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CGGM-HMMC-252C

Vulnerability from github – Published: 2023-02-17 18:30 – Updated: 2023-02-28 18:30
VLAI
Details

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-17T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.",
  "id": "GHSA-cggm-hmmc-252c",
  "modified": "2023-02-28T18:30:18Z",
  "published": "2023-02-17T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0822"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CH4V-95R5-XC38

Vulnerability from github – Published: 2024-02-02 18:30 – Updated: 2024-02-06 21:30
VLAI
Details

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-02T16:15:55Z",
    "severity": "HIGH"
  },
  "details": "MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.",
  "id": "GHSA-ch4v-95r5-xc38",
  "modified": "2024-02-06T21:30:26Z",
  "published": "2024-02-02T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24161"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wy876/cve/issues/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CH9J-8468-3H2Q

Vulnerability from github – Published: 2025-08-28 15:30 – Updated: 2025-08-28 15:30
VLAI
Details

Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-28T09:15:32Z",
    "severity": "MODERATE"
  },
  "details": "Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.",
  "id": "GHSA-ch9j-8468-3h2q",
  "modified": "2025-08-28T15:30:39Z",
  "published": "2025-08-28T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52460"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN99577552"
    },
    {
      "type": "WEB",
      "url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CJ5G-8945-Q3RG

Vulnerability from github – Published: 2025-05-28 15:34 – Updated: 2025-05-28 15:34
VLAI
Details

Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-28T14:15:34Z",
    "severity": "HIGH"
  },
  "details": "Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.",
  "id": "GHSA-cj5g-8945-q3rg",
  "modified": "2025-05-28T15:34:34Z",
  "published": "2025-05-28T15:34:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4134"
    },
    {
      "type": "WEB",
      "url": "https://www.gendigital.com/us/en/contact-us/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ9X-63FV-GCXG

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:16:59Z",
    "severity": "MODERATE"
  },
  "details": "Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.",
  "id": "GHSA-cj9x-63fv-gcxg",
  "modified": "2026-05-12T18:30:41Z",
  "published": "2026-05-12T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32185"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CM58-6J6X-C433

Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-24 21:30
VLAI
Details

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-25145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T20:15:48Z",
    "severity": "HIGH"
  },
  "details": "Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including \u0027/www\u0027, \u0027/etc/m_cli/\u0027, and \u0027/tmp\u0027 to access system passwords and network settings.",
  "id": "GHSA-cm58-6j6x-c433",
  "modified": "2025-12-24T21:30:32Z",
  "published": "2025-12-24T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25145"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45036"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5484.php"
    },
    {
      "type": "WEB",
      "url": "http://www.microhardcorp.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CPW2-38GC-47VQ

Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-03-06 18:31
VLAI
Details

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25799"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T15:15:27Z",
    "severity": "MODERATE"
  },
  "details": "SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.",
  "id": "GHSA-cpw2-38gc-47vq",
  "modified": "2025-03-06T18:31:03Z",
  "published": "2025-03-06T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25799"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ka7arotto/Seacms/blob/main/Seacms13.3-lrf.md"
    },
    {
      "type": "WEB",
      "url": "https://www.seacms.com"
    },
    {
      "type": "WEB",
      "url": "http://seacms.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQMH-PCGR-Q42F

Vulnerability from github – Published: 2026-05-06 23:23 – Updated: 2026-05-06 23:23
VLAI
Summary
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Details

Summary

Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode.

Affected versions

Versions 1.3.2 and below.

Impact

  1. Cache and config directory mode. The plugin's directories under ~/.config/axonflow/ and ~/.cache/axonflow/ were created with the umask-derived default mode (often 0755) on first use and not subsequently re-validated. On systems where ~/.config/ is itself 0755, the plugin's registration record (including a hashed credential and instance_id) was traversable by other local users.
  2. Credential file mode at load time. The plugin loaded its try-registration.json credential file without validating that the file mode was 0600. A registration file written by a misconfigured tool, copied across systems, or restored from backup could end up world-readable, and the plugin would silently use it.

The fix restores 0700 on all plugin directories on every plugin invocation (not only first creation) and refuses to load credential files with non-0600 modes.

Remediation

Upgrade to the patched plugin version listed under Vulnerabilities. On startup the plugin will repair existing directory modes; existing credential files with overly permissive modes will be refused, requiring the user to re-register or chmod 0600 the file.

Credit

Identified by AxonFlow internal security review.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@axonflow/openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-732"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T23:23:25Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nTwo related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user\u0027s home directory was at the conventional `0755` mode.\n\n## Affected versions\n\nVersions 1.3.2 and below.\n\n## Impact\n\n1. **Cache and config directory mode.** The plugin\u0027s directories under `~/.config/axonflow/` and `~/.cache/axonflow/` were created with the umask-derived default mode (often `0755`) on first use and not subsequently re-validated. On systems where `~/.config/` is itself `0755`, the plugin\u0027s registration record (including a hashed credential and `instance_id`) was traversable by other local users.\n2. **Credential file mode at load time.** The plugin loaded its `try-registration.json` credential file without validating that the file mode was `0600`. A registration file written by a misconfigured tool, copied across systems, or restored from backup could end up world-readable, and the plugin would silently use it.\n\nThe fix restores `0700` on all plugin directories on every plugin invocation (not only first creation) and refuses to load credential files with non-`0600` modes.\n\n## Remediation\n\nUpgrade to the patched plugin version listed under Vulnerabilities. On startup the plugin will repair existing directory modes; existing credential files with overly permissive modes will be refused, requiring the user to re-register or `chmod 0600` the file.\n\n## Credit\n\nIdentified by AxonFlow internal security review.",
  "id": "GHSA-cqmh-pcgr-q42f",
  "modified": "2026-05-06T23:23:25Z",
  "published": "2026-05-06T23:23:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getaxonflow/axonflow-openclaw-plugin/security/advisories/GHSA-cqmh-pcgr-q42f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getaxonflow/axonflow-openclaw-plugin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening"
}

GHSA-CQWJ-XMCH-H6Q7

Vulnerability from github – Published: 2026-01-13 21:31 – Updated: 2026-01-13 21:31
VLAI
Details

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T20:16:05Z",
    "severity": "MODERATE"
  },
  "details": "An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.",
  "id": "GHSA-cqwj-xmch-h6q7",
  "modified": "2026-01-13T21:31:45Z",
  "published": "2026-01-13T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37177"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us\u0026docLocale=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.