CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-CFC9-XJPJ-J334
Vulnerability from github – Published: 2024-06-02 12:30 – Updated: 2024-06-02 12:30A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-5587"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-02T10:15:07Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-cfc9-xjpj-j334",
"modified": "2024-06-02T12:30:51Z",
"published": "2024-06-02T12:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5587"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.266838"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.266838"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.343357"
},
{
"type": "WEB",
"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CGGM-HMMC-252C
Vulnerability from github – Published: 2023-02-17 18:30 – Updated: 2023-02-28 18:30The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
{
"affected": [],
"aliases": [
"CVE-2023-0822"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-17T17:15:00Z",
"severity": "HIGH"
},
"details": "The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.",
"id": "GHSA-cggm-hmmc-252c",
"modified": "2023-02-28T18:30:18Z",
"published": "2023-02-17T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0822"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CH4V-95R5-XC38
Vulnerability from github – Published: 2024-02-02 18:30 – Updated: 2024-02-06 21:30MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
{
"affected": [],
"aliases": [
"CVE-2024-24161"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-02T16:15:55Z",
"severity": "HIGH"
},
"details": "MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.",
"id": "GHSA-ch4v-95r5-xc38",
"modified": "2024-02-06T21:30:26Z",
"published": "2024-02-02T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24161"
},
{
"type": "WEB",
"url": "https://github.com/wy876/cve/issues/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CH9J-8468-3H2Q
Vulnerability from github – Published: 2025-08-28 15:30 – Updated: 2025-08-28 15:30Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.
{
"affected": [],
"aliases": [
"CVE-2025-52460"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-28T09:15:32Z",
"severity": "MODERATE"
},
"details": "Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.",
"id": "GHSA-ch9j-8468-3h2q",
"modified": "2025-08-28T15:30:39Z",
"published": "2025-08-28T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52460"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN99577552"
},
{
"type": "WEB",
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CJ5G-8945-Q3RG
Vulnerability from github – Published: 2025-05-28 15:34 – Updated: 2025-05-28 15:34Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.
{
"affected": [],
"aliases": [
"CVE-2025-4134"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-28T14:15:34Z",
"severity": "HIGH"
},
"details": "Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.",
"id": "GHSA-cj5g-8945-q3rg",
"modified": "2025-05-28T15:34:34Z",
"published": "2025-05-28T15:34:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4134"
},
{
"type": "WEB",
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJ9X-63FV-GCXG
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
{
"affected": [],
"aliases": [
"CVE-2026-32185"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:16:59Z",
"severity": "MODERATE"
},
"details": "Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.",
"id": "GHSA-cj9x-63fv-gcxg",
"modified": "2026-05-12T18:30:41Z",
"published": "2026-05-12T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32185"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CM58-6J6X-C433
Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-24 21:30Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.
{
"affected": [],
"aliases": [
"CVE-2018-25145"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T20:15:48Z",
"severity": "HIGH"
},
"details": "Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including \u0027/www\u0027, \u0027/etc/m_cli/\u0027, and \u0027/tmp\u0027 to access system passwords and network settings.",
"id": "GHSA-cm58-6j6x-c433",
"modified": "2025-12-24T21:30:32Z",
"published": "2025-12-24T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25145"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45036"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5484.php"
},
{
"type": "WEB",
"url": "http://www.microhardcorp.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CPW2-38GC-47VQ
Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-03-06 18:31SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
{
"affected": [],
"aliases": [
"CVE-2025-25799"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T15:15:27Z",
"severity": "MODERATE"
},
"details": "SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.",
"id": "GHSA-cpw2-38gc-47vq",
"modified": "2025-03-06T18:31:03Z",
"published": "2025-03-06T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25799"
},
{
"type": "WEB",
"url": "https://github.com/Ka7arotto/Seacms/blob/main/Seacms13.3-lrf.md"
},
{
"type": "WEB",
"url": "https://www.seacms.com"
},
{
"type": "WEB",
"url": "http://seacms.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CQMH-PCGR-Q42F
Vulnerability from github – Published: 2026-05-06 23:23 – Updated: 2026-05-06 23:23Summary
Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode.
Affected versions
Versions 1.3.2 and below.
Impact
- Cache and config directory mode. The plugin's directories under
~/.config/axonflow/and~/.cache/axonflow/were created with the umask-derived default mode (often0755) on first use and not subsequently re-validated. On systems where~/.config/is itself0755, the plugin's registration record (including a hashed credential andinstance_id) was traversable by other local users. - Credential file mode at load time. The plugin loaded its
try-registration.jsoncredential file without validating that the file mode was0600. A registration file written by a misconfigured tool, copied across systems, or restored from backup could end up world-readable, and the plugin would silently use it.
The fix restores 0700 on all plugin directories on every plugin invocation (not only first creation) and refuses to load credential files with non-0600 modes.
Remediation
Upgrade to the patched plugin version listed under Vulnerabilities. On startup the plugin will repair existing directory modes; existing credential files with overly permissive modes will be refused, requiring the user to re-register or chmod 0600 the file.
Credit
Identified by AxonFlow internal security review.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@axonflow/openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-552",
"CWE-732"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T23:23:25Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nTwo related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user\u0027s home directory was at the conventional `0755` mode.\n\n## Affected versions\n\nVersions 1.3.2 and below.\n\n## Impact\n\n1. **Cache and config directory mode.** The plugin\u0027s directories under `~/.config/axonflow/` and `~/.cache/axonflow/` were created with the umask-derived default mode (often `0755`) on first use and not subsequently re-validated. On systems where `~/.config/` is itself `0755`, the plugin\u0027s registration record (including a hashed credential and `instance_id`) was traversable by other local users.\n2. **Credential file mode at load time.** The plugin loaded its `try-registration.json` credential file without validating that the file mode was `0600`. A registration file written by a misconfigured tool, copied across systems, or restored from backup could end up world-readable, and the plugin would silently use it.\n\nThe fix restores `0700` on all plugin directories on every plugin invocation (not only first creation) and refuses to load credential files with non-`0600` modes.\n\n## Remediation\n\nUpgrade to the patched plugin version listed under Vulnerabilities. On startup the plugin will repair existing directory modes; existing credential files with overly permissive modes will be refused, requiring the user to re-register or `chmod 0600` the file.\n\n## Credit\n\nIdentified by AxonFlow internal security review.",
"id": "GHSA-cqmh-pcgr-q42f",
"modified": "2026-05-06T23:23:25Z",
"published": "2026-05-06T23:23:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getaxonflow/axonflow-openclaw-plugin/security/advisories/GHSA-cqmh-pcgr-q42f"
},
{
"type": "PACKAGE",
"url": "https://github.com/getaxonflow/axonflow-openclaw-plugin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening"
}
GHSA-CQWJ-XMCH-H6Q7
Vulnerability from github – Published: 2026-01-13 21:31 – Updated: 2026-01-13 21:31An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
{
"affected": [],
"aliases": [
"CVE-2025-37177"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T20:16:05Z",
"severity": "MODERATE"
},
"details": "An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.",
"id": "GHSA-cqwj-xmch-h6q7",
"modified": "2026-01-13T21:31:45Z",
"published": "2026-01-13T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37177"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.