Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-P833-V842-WJ4M

Vulnerability from github – Published: 2024-03-18 18:32 – Updated: 2024-03-18 18:32
VLAI
Details

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow\nunauthenticated files and logs exfiltration and download of files when an attacker modifies the\nURL to download to a different location.\n\n",
  "id": "GHSA-p833-v842-wj4m",
  "modified": "2024-03-18T18:32:18Z",
  "published": "2024-03-18T18:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2052"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-072-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P86W-W5RH-M3HX

Vulnerability from github – Published: 2025-10-02 12:31 – Updated: 2025-11-05 20:47
VLAI
Summary
Apache Kylin Files or Directories Accessible to External Parties
Details

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected.

This issue affects Apache Kylin: from 4.0.0 through 5.0.2.

Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin-common-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin-common-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin-core-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin-core-metadata"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin-ops-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-61734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-02T21:03:33Z",
    "nvd_published_at": "2025-10-02T10:15:40Z",
    "severity": "HIGH"
  },
  "details": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin\u0027s system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue.",
  "id": "GHSA-p86w-w5rh-m3hx",
  "modified": "2025-11-05T20:47:49Z",
  "published": "2025-10-02T12:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61734"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kylin/pull/2332"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kylin/commit/22eb8fd5dfdeffa3fc57bae6d5c82a019eece662"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/kylin"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/KYLIN-6082"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/30/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Kylin Files or Directories Accessible to External Parties"
}

GHSA-P8RV-V842-XWM4

Vulnerability from github – Published: 2025-05-15 21:31 – Updated: 2025-05-17 06:30
VLAI
Details

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-15T20:15:57Z",
    "severity": "MODERATE"
  },
  "details": "The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.",
  "id": "GHSA-p8rv-v842-xwm4",
  "modified": "2025-05-17T06:30:25Z",
  "published": "2025-05-15T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8031"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/c6f54e6f-0a50-424f-ae3a-00b9880d9f13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P966-77RF-MH87

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:14Z",
    "severity": "MODERATE"
  },
  "details": "Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549.",
  "id": "GHSA-p966-77rf-mh87",
  "modified": "2024-05-03T03:30:56Z",
  "published": "2024-05-03T03:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39480"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9WR-V92W-45Q4

Vulnerability from github – Published: 2024-12-31 18:30 – Updated: 2024-12-31 18:30
VLAI
Details

A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-31T16:15:25Z",
    "severity": "HIGH"
  },
  "details": "A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-p9wr-v92w-45q4",
  "modified": "2024-12-31T18:30:51Z",
  "published": "2024-12-31T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52047"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0016669"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9XF-3RM3-QH2H

Vulnerability from github – Published: 2022-05-25 00:00 – Updated: 2022-08-11 13:22
VLAI
Summary
Wildfly-Core user account mismanagement
Details

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.wildfly.core:wildfly-core-parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-16T23:22:01Z",
    "nvd_published_at": "2022-05-24T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.",
  "id": "GHSA-p9xf-3rm3-qh2h",
  "modified": "2022-08-11T13:22:17Z",
  "published": "2022-05-25T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220804-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Wildfly-Core user account mismanagement"
}

GHSA-PG6M-MHV8-FPMP

Vulnerability from github – Published: 2026-06-19 00:31 – Updated: 2026-06-19 00:31
VLAI
Details

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-19T00:16:47Z",
    "severity": "CRITICAL"
  },
  "details": "Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ \ncameras may allow a remote, unauthenticated attacker to achieve \narbitrary code execution via a specially crafted web request.",
  "id": "GHSA-pg6m-mhv8-fpmp",
  "modified": "2026-06-19T00:31:38Z",
  "published": "2026-06-19T00:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40624"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-169-01.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PGF9-H69P-PCGF

Vulnerability from github – Published: 2018-10-17 20:29 – Updated: 2024-03-05 18:07
VLAI
Summary
Files or Directories Accessible to External Parties in org.springframework:spring-core
Details

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0"
            },
            {
              "fixed": "4.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-5211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:49:06Z",
    "nvd_published_at": "2017-05-25T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.",
  "id": "GHSA-pgf9-h69p-pcgf",
  "modified": "2024-03-05T18:07:02Z",
  "published": "2018-10-17T20:29:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5211"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-pgf9-h69p-pcgf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-framework"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2015-5211"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Files or Directories Accessible to External Parties in org.springframework:spring-core"
}

GHSA-PHHQ-63JG-FP7R

Vulnerability from github – Published: 2025-07-09 17:56 – Updated: 2025-07-09 17:56
VLAI
Summary
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points
Details

Background

The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by Kubernetes. However, containered implements the specified conversion logic and adds a mount point if there is none set by Kubernetes.

Unfortunately, the specification leaves it open whether the mount point is populated with any and what data, so the runtime needs to be able to push arbitrary data to the Kata agent. However, this is almost always not what the user wants:

  1. A declared VOLUME location is usually important to the app's core functionality, which is usually at odds with the data in that location being untrusted.
  2. VOLUME declarations are often used by image vendors to indicate "mount your persistence here" to the user. They are rarely useful without a real volume mounted there.

Impact

All of the following need to be true to be affected by this vulnerability:

  1. A bare metal Contrast deployment (AKS is not affected).
  2. An image with at least one VOLUME directive.
  3. No Kubernetes mount at the path of the VOLUME.

If these are all true, the host is able to write arbitrary trees below that mount point.

Patches

Patched in v1.9.1 by disallowing this configuration in contrast generate.

Workarounds

Explicitly mount an emptyDir to all VOLUME locations. If the initial data in these locations is needed by the application, the image needs to be modified to remove the config.volumes entries.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/edgelesssys/contrast"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-693"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-09T17:56:24Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Background\n\nThe [`VOLUME`](https://docs.docker.com/reference/dockerfile/#volume) directive in Dockerfiles, or the [`config.volumes`](https://github.com/opencontainers/image-spec/blob/06e6b47e2ef69021d9f9bf2cfa5fe43a7e010c81/config.md?plain=1#L168-L170) field in OCI image descriptors, indicates filesystem paths \"where the process is likely to write data\". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by Kubernetes. However, containered implements the [specified conversion logic](https://github.com/opencontainers/image-spec/blob/06e6b47e2ef69021d9f9bf2cfa5fe43a7e010c81/conversion.md?plain=1#L100-L105) and adds a mount point if there is none set by Kubernetes.\n\nUnfortunately, the specification leaves it open whether the mount point is populated with any and what data, so the runtime needs to be able to push arbitrary data to the Kata agent. However, this is almost always not what the user wants:\n\n1. A declared `VOLUME` location is usually important to the app\u0027s core functionality, which is usually at odds with the data in that location being untrusted.\n2. `VOLUME` declarations are often used by image vendors to indicate \"mount your persistence here\" to the user. They are rarely useful without a real volume mounted there.\n\n### Impact\n\nAll of the following need to be true to be affected by this vulnerability:\n\n1. A bare metal Contrast deployment (AKS is not affected).\n2. An image with at least one VOLUME directive.\n3. No Kubernetes mount at the path of the VOLUME.\n\nIf these are all true, the host is able to write arbitrary trees below that mount point.\n\n### Patches\n\nPatched in v1.9.1 by disallowing this configuration in `contrast generate`.\n\n### Workarounds\n\nExplicitly mount an `emptyDir` to all `VOLUME` locations. If the initial data in these locations is needed by the application, the image needs to be modified to remove the `config.volumes` entries.",
  "id": "GHSA-phhq-63jg-fp7r",
  "modified": "2025-07-09T17:56:24Z",
  "published": "2025-07-09T17:56:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/contrast/security/advisories/GHSA-phhq-63jg-fp7r"
    },
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/contrast/commit/635b471ddbb512b6661e6f1d767aab818bd50bda"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/edgelesssys/contrast"
    },
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/contrast/releases/tag/v1.9.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points"
}

GHSA-PHJP-6Q2X-Q4WX

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31
VLAI
Details

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform \u0027saveset\u0027 related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP.",
  "id": "GHSA-phjp-6q2x-q4wx",
  "modified": "2022-05-24T17:31:03Z",
  "published": "2022-05-24T17:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26182"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/security/en-us/details/546616/DSA-2020-229-Dell-EMC-NetWorker-Multiple-Security-Vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.