Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-HFRC-JQ43-4M6C

Vulnerability from github – Published: 2023-07-13 09:30 – Updated: 2025-11-04 00:30
VLAI
Details

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-13T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.",
  "id": "GHSA-hfrc-jq43-4m6c",
  "modified": "2025-11-04T00:30:38Z",
  "published": "2023-07-13T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29450"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://support.zabbix.com/browse/ZBX-22588"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HFV2-PF68-M33X

Vulnerability from github – Published: 2025-12-09 17:12 – Updated: 2025-12-09 21:37
VLAI
Summary
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality
Details

Impact

Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses (HTTP 500 when a file exists, 404 when it does not) allow the attacker to enumerate the existence of arbitrary files on the server’s filesystem. This vulnerability does not allow reading or writing file contents.

In certain configurations, incomplete clean-up of temporary upload files may additionally expose the NTLM hash of the Windows account running the Umbraco application. The direct impact of this vulnerability is therefore limited to confidentiality, which is reflected in its CVSS base score of 4.9

While the CVSS Base Score captures only the immediate effect, the practical risk varies significantly based on hosting environment and identity configuration. Umbraco Cloud sites run under low-privilege, isolated Azure App Service worker identities, which mitigates the impact of any credential exposure. In contrast, self-hosted deployments could run Umbraco using privileged local or domain accounts. If such an account’s NTLM hash is disclosed, an attacker may be able to: - Perform NTLM relay attacks - Crack the hash offline to recover the underlying password - Authenticate as the compromised identity - Access internal systems trusted by that identity - Move laterally within the network - Potentially escalate to full domain compromise in weakly segmented environments

These outcomes are not part of the CVSS base score, which only rates the immediate confidentiality impact, but represent realistic downstream consequences for installations using elevated or widely-trusted service accounts. Self-hosted environments running Umbraco under privileged identities are therefore at significantly higher risk.

Vulnerability found and reported by Tomasz Holeksa at Pentest Limited

Patches

The issue has been patched in 13.12.1.

Workarounds

The issue can only be exploited by authorized backoffice accounts with access to the "Translations" section.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 13.12.0"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Umbraco.Cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "13.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-377",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-09T17:12:18Z",
    "nvd_published_at": "2025-12-09T20:15:55Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nDue to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application\u2019s error responses (HTTP 500 when a file exists, 404 when it does not) allow the attacker to enumerate the existence of arbitrary files on the server\u2019s filesystem. This vulnerability does not allow reading or writing file contents.\n\nIn certain configurations, incomplete clean-up of temporary upload files may additionally expose the NTLM hash of the Windows account running the Umbraco application. The direct impact of this vulnerability is therefore limited to confidentiality, which is reflected in its CVSS base score of 4.9\n\nWhile the CVSS Base Score captures only the immediate effect, the practical risk varies significantly based on hosting environment and identity configuration. Umbraco Cloud sites run under low-privilege, isolated Azure App Service worker identities, which mitigates the impact of any credential exposure. In contrast, self-hosted deployments could run Umbraco using privileged local or domain accounts. If such an account\u2019s NTLM hash is disclosed, an attacker may be able to:\n- Perform NTLM relay attacks\n- Crack the hash offline to recover the underlying password\n- Authenticate as the compromised identity\n- Access internal systems trusted by that identity\n- Move laterally within the network\n- Potentially escalate to full domain compromise in weakly segmented environments\n\nThese outcomes are not part of the CVSS base score, which only rates the immediate confidentiality impact, but represent realistic downstream consequences for installations using elevated or widely-trusted service accounts. Self-hosted environments running Umbraco under privileged identities are therefore at significantly higher risk.\n\nVulnerability found and reported by Tomasz Holeksa at Pentest Limited\n\n### Patches\nThe issue has been patched in 13.12.1.\n\n### Workarounds\nThe issue can only be exploited by authorized backoffice accounts with access to the \"Translations\" section.",
  "id": "GHSA-hfv2-pf68-m33x",
  "modified": "2025-12-09T21:37:25Z",
  "published": "2025-12-09T17:12:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hfv2-pf68-m33x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66625"
    },
    {
      "type": "WEB",
      "url": "https://github.com/umbraco/Umbraco-CMS/commit/7505efd433189037f46547932d4a8b603fd4a615"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/umbraco/Umbraco-CMS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality"
}

GHSA-HFWX-C7Q6-G54C

Vulnerability from github – Published: 2021-03-12 23:04 – Updated: 2021-03-12 22:32
VLAI
Summary
Vulnerability allowing for reading internal HTTP resources
Details

Impact

The vulnerability allows for reading and outputting files served by other services on the internal network in which the export server is hosted. If the export server is exposed to the internet, this potentially allows a malicious user to gain read access to internal web-resources.

The impact is limited to internal services that serve content via. HTTP(S), and requires the attacker to know internal hostnames/IP addresses.

The previous versions have been marked as deprecated on NPM.

Patches

Version 2.1.0 released alongside this security advisory addresses the issue. Please note that this release is not backwards compatible out of the box. See the changelog for details.

Additionally, it's also recommended to upgrade to the latest version of Highcharts to get the added input sanitation implemented in version 9.0 and later.

Workarounds

There are no known workarounds to the issue - an upgrade to version 2.1.0 is required.

For more information

If you have any questions or comments about this advisory: * Open an issue in the export server issue tracker * Email us at security@highsoft.com

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.30"
      },
      "package": {
        "ecosystem": "npm",
        "name": "highcharts-export-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-12T22:32:16Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe vulnerability allows for reading and outputting files served by other services on the internal network in which the export server is hosted. If the export server is exposed to the internet, this potentially allows a malicious user to gain read access to internal web-resources.\n\nThe impact is limited to internal services that serve content via. HTTP(S), and requires the attacker to know internal hostnames/IP addresses.\n\nThe previous versions have been marked as deprecated on NPM.\n\n### Patches\n\nVersion 2.1.0 released alongside this security advisory addresses the issue. **Please note that this release is not backwards compatible out of the box. See the [changelog](https://github.com/highcharts/node-export-server/blob/master/CHANGELOG.md) for details.**\n\nAdditionally, it\u0027s also recommended to upgrade to the latest version of Highcharts to get the added input sanitation implemented in version 9.0 and later. \n\n### Workarounds\n\nThere are no known workarounds to the issue - an upgrade to version 2.1.0 is required.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the export server issue tracker](https://github.com/highcharts/node-export-server/issues)\n* Email us at [security@highsoft.com](mailto:security@highsoft.com)",
  "id": "GHSA-hfwx-c7q6-g54c",
  "modified": "2021-03-12T22:32:16Z",
  "published": "2021-03-12T23:04:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/highcharts/node-export-server/security/advisories/GHSA-hfwx-c7q6-g54c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/highcharts/node-export-server/commit/53fa992a96785a5a08390e55ec30ea2ad217dfe6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/highcharts/node-export-server/blob/master/CHANGELOG.md#210"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/highcharts-export-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Vulnerability allowing for reading internal HTTP resources"
}

GHSA-HG22-XHFQ-MFRQ

Vulnerability from github – Published: 2022-07-18 00:00 – Updated: 2022-07-19 00:00
VLAI
Details

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-17T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.",
  "id": "GHSA-hg22-xhfq-mfrq",
  "modified": "2022-07-19T00:00:27Z",
  "published": "2022-07-18T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2222"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HG36-F8HX-FRW9

Vulnerability from github – Published: 2023-09-06 12:30 – Updated: 2024-04-04 07:31
VLAI
Details

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-06T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.",
  "id": "GHSA-hg36-f8hx-frw9",
  "modified": "2024-04-04T07:31:50Z",
  "published": "2023-09-06T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4588"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHGH-4VPC-8C58

Vulnerability from github – Published: 2025-03-06 21:31 – Updated: 2025-03-06 21:31
VLAI
Details

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T20:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-hhgh-4vpc-8c58",
  "modified": "2025-03-06T21:31:27Z",
  "published": "2025-03-06T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2038"
    },
    {
      "type": "WEB",
      "url": "https://code-projects.org"
    },
    {
      "type": "WEB",
      "url": "https://github.com/intercpt/XSS1/blob/main/Directorylisting.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.298781"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.298781"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.512558"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HJ6H-FPV2-5H4V

Vulnerability from github – Published: 2025-10-09 18:30 – Updated: 2025-11-04 21:31
VLAI
Details

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. 

This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-220",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-09T17:15:58Z",
    "severity": "MODERATE"
  },
  "details": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.\u00a0\n\nThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including\u00a016.7.10368.56560",
  "id": "GHSA-hj6h-fpv2-5h4v",
  "modified": "2025-11-04T21:31:32Z",
  "published": "2025-10-09T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11371"
    },
    {
      "type": "WEB",
      "url": "https://www.centrestack.com/p/gce_latest_release.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371"
    },
    {
      "type": "WEB",
      "url": "https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJHP-PRGP-PR6H

Vulnerability from github – Published: 2023-05-17 18:30 – Updated: 2023-05-17 18:30
VLAI
Details

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-17T17:15:17Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-hjhp-prgp-pr6h",
  "modified": "2023-05-17T18:30:30Z",
  "published": "2023-05-17T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2766"
    },
    {
      "type": "WEB",
      "url": "https://github.com/8079048q/cve/blob/main/weaveroa.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.229271"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.229271"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMHP-M9P3-PX6R

Vulnerability from github – Published: 2023-12-11 21:30 – Updated: 2023-12-13 21:30
VLAI
Details

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5907"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-11T20:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.",
  "id": "GHSA-hmhp-m9p3-px6r",
  "modified": "2023-12-13T21:30:28Z",
  "published": "2023-12-11T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5907"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HQ75-6WCM-HC6G

Vulnerability from github – Published: 2022-07-18 00:00 – Updated: 2022-07-28 00:00
VLAI
Details

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-17T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.",
  "id": "GHSA-hq75-6wcm-hc6g",
  "modified": "2022-07-28T00:00:44Z",
  "published": "2022-07-18T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167407/Reolink-E1-Zoom-Camera-3.0.0.716-Private-Key-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Jun/0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.