CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-CR3P-79Q9-PW9W
Vulnerability from github – Published: 2025-09-17 00:31 – Updated: 2025-09-17 00:31A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.
{
"affected": [],
"aliases": [
"CVE-2025-37130"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T23:15:32Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.",
"id": "GHSA-cr3p-79q9-pw9w",
"modified": "2025-09-17T00:31:12Z",
"published": "2025-09-17T00:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37130"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CRGW-M82J-JV5C
Vulnerability from github – Published: 2024-01-29 21:30 – Updated: 2024-01-29 21:30Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
This issue affects AppBuilder: from 21.2 before 23.2.
{
"affected": [],
"aliases": [
"CVE-2023-4550"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-29T21:15:08Z",
"severity": "HIGH"
},
"details": "Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. \n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n",
"id": "GHSA-crgw-m82j-jv5c",
"modified": "2024-01-29T21:30:27Z",
"published": "2024-01-29T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4550"
},
{
"type": "WEB",
"url": "https://support.opentext.com/csm?id=ot_kb_search\u0026kb_category=61648712db61781068cfd6c4e296197b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CRH4-W845-25FV
Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2022-09-07 00:01Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.
{
"affected": [],
"aliases": [
"CVE-2022-36552"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-30T16:15:00Z",
"severity": "HIGH"
},
"details": "Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.",
"id": "GHSA-crh4-w845-25fv",
"modified": "2022-09-07T00:01:53Z",
"published": "2022-08-31T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36552"
},
{
"type": "WEB",
"url": "https://drive.google.com/drive/folders/1VxR4lhaWNWLuAPdJK2aRF6zfo_mRyiFO?usp=sharing"
},
{
"type": "WEB",
"url": "http://ac6ac1200.com"
},
{
"type": "WEB",
"url": "http://tenda.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CV3V-7846-6PXM
Vulnerability from github – Published: 2020-09-03 21:15 – Updated: 2021-09-29 19:59Versions of node-git-server prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories.
Recommendation
Upgrade to version 0.6.1 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-git-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:51:11Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of `node-git-server` prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories.\n\n\n## Recommendation\n\nUpgrade to version 0.6.1 or later.",
"id": "GHSA-cv3v-7846-6pxm",
"modified": "2021-09-29T19:59:01Z",
"published": "2020-09-03T21:15:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gabrielcsapo/node-git-server/pull/62"
},
{
"type": "WEB",
"url": "https://github.com/gabrielcsapo/node-git-server/commit/ac26650f69bc445d71e4f2c55328676d10a4be43"
},
{
"type": "PACKAGE",
"url": "https://github.com/gabrielcsapo/node-git-server"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-NODEGITSERVER-474343"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1214"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Unauthorized File Access in node-git-server"
}
GHSA-CVVV-49VH-384Q
Vulnerability from github – Published: 2026-03-06 09:31 – Updated: 2026-03-06 09:31An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.
{
"affected": [],
"aliases": [
"CVE-2026-2331"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-06T08:16:27Z",
"severity": "CRITICAL"
},
"details": "An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.",
"id": "GHSA-cvvv-49vh-384q",
"modified": "2026-03-06T09:31:33Z",
"published": "2026-03-06T09:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2331"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
},
{
"type": "WEB",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"type": "WEB",
"url": "https://www.sick.com/psirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CW6G-QMJQ-6W2W
Vulnerability from github – Published: 2024-11-13 14:15 – Updated: 2024-11-13 18:58Summary
By abusing the mail notification template it is possible to read arbitrary operating system files.
Details
The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server.
Requirements: * write permissions to system notification templates * ability to trigger a corresponding system email
PoC
1) Modify a template to contain the following twig template string:
{{ dataUrl('/var/www/web/.env') }}
2) Trigger the corresponding notification email (e.g. by resetting a password) 3) Receive the email and decode the base64 string
Mail received:
Decoded string:
Impact
1) Exposure of Sensitive Information: Arbitrary file read can lead to the exposure of sensitive data such as configuration files (e.g., /etc/passwd, .env, config.php), which may contain credentials, API keys, or database passwords. This can provide the attacker with further access to the system or connected services.
2) Privilege Escalation: If the attacker is able to read files that contain privileged information, such as credentials for other systems or applications, they may be able to escalate their privileges beyond what the web admin role originally allowed, potentially gaining full control over the server or other related systems.
3) Server Compromise: Access to files like SSH keys, private certificates, or system configuration files can lead to the complete compromise of the underlying server. With this information, an attacker could remotely log in to the server or impersonate it in secure communications.
4) Exfiltration of User Data: The ability to read arbitrary files may allow an attacker to access user data, such as stored passwords, session tokens, or private information (like uploaded files or logs), leading to a breach of confidentiality and violating privacy regulations (e.g., GDPR).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.4.7.1"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0-alpha.1"
},
{
"fixed": "5.4.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.12.6.1"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.13"
},
{
"fixed": "4.12.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-52292"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-13T14:15:39Z",
"nvd_published_at": "2024-11-13T17:15:12Z",
"severity": "HIGH"
},
"details": "### Summary\nBy abusing the mail notification template it is possible to read arbitrary operating system files. \n\n### Details\nThe [dataUrl](https://craftcms.com/docs/3.x/dev/functions.html#dataurl) function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file\u0027s content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server.\n\nRequirements:\n* write permissions to system notification templates\n* ability to trigger a corresponding system email\n\n### PoC\n1) Modify a template to contain the following twig template string:\n```twig\n{{ dataUrl(\u0027/var/www/web/.env\u0027) }}\n```\n2) Trigger the corresponding notification email (e.g. by resetting a password)\n3) Receive the email and decode the base64 string\n\nMail received:\n\n\nDecoded string:\n\n\n\n### Impact\n1) Exposure of Sensitive Information: Arbitrary file read can lead to the exposure of sensitive data such as configuration files (e.g., /etc/passwd, .env, config.php), which may contain credentials, API keys, or database passwords. This can provide the attacker with further access to the system or connected services.\n\n2) Privilege Escalation: If the attacker is able to read files that contain privileged information, such as credentials for other systems or applications, they may be able to escalate their privileges beyond what the web admin role originally allowed, potentially gaining full control over the server or other related systems.\n\n3) Server Compromise: Access to files like SSH keys, private certificates, or system configuration files can lead to the complete compromise of the underlying server. With this information, an attacker could remotely log in to the server or impersonate it in secure communications.\n\n4) Exfiltration of User Data: The ability to read arbitrary files may allow an attacker to access user data, such as stored passwords, session tokens, or private information (like uploaded files or logs), leading to a breach of confidentiality and violating privacy regulations (e.g., GDPR).\n",
"id": "GHSA-cw6g-qmjq-6w2w",
"modified": "2024-11-13T18:58:35Z",
"published": "2024-11-13T14:15:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-cw6g-qmjq-6w2w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52292"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/cms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Craft CMS Arbitrary System File Read"
}
GHSA-CWJ7-4Q2C-HMXJ
Vulnerability from github – Published: 2023-09-12 21:30 – Updated: 2025-09-12 21:32Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
{
"affected": [],
"aliases": [
"CVE-2023-3712"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-12T20:15:09Z",
"severity": "HIGH"
},
"details": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).",
"id": "GHSA-cwj7-4q2c-hmxj",
"modified": "2025-09-12T21:32:14Z",
"published": "2023-09-12T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3712"
},
{
"type": "WEB",
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"type": "WEB",
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
},
{
"type": "WEB",
"url": "https://www.honeywell.com/us/en/product-security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWX6-6644-WW5X
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.
{
"affected": [],
"aliases": [
"CVE-2017-1308"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-13T15:29:00Z",
"severity": "MODERATE"
},
"details": "IBM Daeja ViewONE Professional, Standard \u0026 Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.",
"id": "GHSA-cwx6-6644-ww5x",
"modified": "2022-05-13T01:43:00Z",
"published": "2022-05-13T01:43:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1308"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125462"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003806"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99549"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CXJP-8RHJ-F8C5
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-02-10 15:32A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-5045"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T13:15:59Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability.",
"id": "GHSA-cxjp-8rhj-f8c5",
"modified": "2025-02-10T15:32:11Z",
"published": "2024-05-17T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5045"
},
{
"type": "WEB",
"url": "https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.264742"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.264742"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.335384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F22J-9J59-33J4
Vulnerability from github – Published: 2024-07-15 09:36 – Updated: 2025-03-14 20:24In Apache Linkis = 1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.
Versions of Apache Linkis = 1.4.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.6.0.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.linkis:linkis-datasource"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-41916"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-15T17:35:53Z",
"nvd_published_at": "2024-07-15T08:15:02Z",
"severity": "HIGH"
},
"details": "In Apache Linkis = 1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger\u00a0arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. \n\nVersions of Apache Linkis = 1.4.0 will be affected.\u00a0\n\nWe recommend users upgrade the version of Linkis to version 1.6.0.",
"id": "GHSA-f22j-9j59-33j4",
"modified": "2025-03-14T20:24:32Z",
"published": "2024-07-15T09:36:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41916"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/linkis"
},
{
"type": "WEB",
"url": "https://linkis.apache.org/download/release-notes-1.6.0"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/dxkpwyoxy1jpdwlpqp15zvo0jxn4v729"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/13/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Linkis DataSource allows arbitrary file reading"
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.