Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-QPHC-J6PG-2QRG

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-20025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:17:48Z",
    "severity": "HIGH"
  },
  "details": "ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.",
  "id": "GHSA-qphc-j6pg-2qrg",
  "modified": "2026-03-16T15:30:40Z",
  "published": "2026-03-16T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20025"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2016080265"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116486"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/138566"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40323"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QQHF-XFHW-7884

Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-04 20:49
VLAI
Summary
Markdownify has Files or Directories Accessible to External Parties
Details

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron-markdownify"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-04T20:49:16Z",
    "nvd_published_at": "2022-11-03T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.",
  "id": "GHSA-qqhf-xfhw-7884",
  "modified": "2022-11-04T20:49:16Z",
  "published": "2022-11-04T12:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41710"
    },
    {
      "type": "WEB",
      "url": "https://fluidattacks.com/advisories/noisestorm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/amitmerchant1990/electron-markdownify"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Markdownify has Files or Directories Accessible to External Parties"
}

GHSA-QQJ8-52JC-QFHP

Vulnerability from github – Published: 2025-12-12 12:30 – Updated: 2025-12-12 12:30
VLAI
Details

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to access sensitive user data including emails, IP addresses, usernames, roles, and location data by directly accessing the exported CSV file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-12T12:15:46Z",
    "severity": "MODERATE"
  },
  "details": "The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to access sensitive user data including emails, IP addresses, usernames, roles, and location data by directly accessing the exported CSV file.",
  "id": "GHSA-qqj8-52jc-qfhp",
  "modified": "2025-12-12T12:30:25Z",
  "published": "2025-12-12T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14442"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.9.0/admin/class-secure-copy-content-protection-admin.php#L557"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.9.3/admin/class-secure-copy-content-protection-admin.php#L560"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/secure-copy-content-protection/#developers"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72b95777-d17b-4504-95fd-c83b18106b9e?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRMM-W4V4-Q7F8

Vulnerability from github – Published: 2021-05-06 15:27 – Updated: 2021-05-05 18:45
VLAI
Summary
Unauthorized access through URL manipulation
Details

Impact

The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation.

Patches

The vulnerability has been patched in version 1.2.65 of the master branch, version 1.1.113 of the 1.1.x series, and version 1.0.12 of the stable branch. The Docker image on docker.io has been patched.

Workarounds

If upgrading is not possible, manually apply the changes of https://github.com/jhpyle/docassemble/commit/e3dbf6ce054b3c0310996f0657289f5eed0a73fe and restart the server (e.g., by pressing Save on the Configuration screen).

Credit

The vulnerability was discovered by Jim Platania of Seiso LLC (@jimmio).

For more information

If you have any questions or comments about this advisory: * Open an issue in docassemble * Join the Slack channel * Email us at jhpyle@gmail.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "docassemble"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.65"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-05T18:45:36Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nThe vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation.\n\n### Patches\nThe vulnerability has been patched in version 1.2.65 of the `master` branch, version 1.1.113 of the 1.1.x series, and version 1.0.12 of the `stable` branch. The Docker image on docker.io has been patched.\n\n### Workarounds\nIf upgrading is not possible, manually apply the changes of https://github.com/jhpyle/docassemble/commit/e3dbf6ce054b3c0310996f0657289f5eed0a73fe and restart the server (e.g., by pressing Save on the Configuration screen).\n\n### Credit\nThe vulnerability was discovered by Jim Platania of Seiso LLC (@jimmio).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [docassemble](https://github.com/jhpyle/docassemble/issues)\n* Join the [Slack channel](https://join.slack.com/t/docassemble/shared_invite/zt-ohrn8y9z-_Fb3RAl~JPBU6Km7odBPfQ)\n* Email us at [jhpyle@gmail.com](mailto:jhpyle@gmail.com)\n",
  "id": "GHSA-qrmm-w4v4-q7f8",
  "modified": "2021-05-05T18:45:36Z",
  "published": "2021-05-06T15:27:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-qrmm-w4v4-q7f8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Unauthorized access through URL manipulation"
}

GHSA-QW62-27CX-6CQG

Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2024-11-15 18:30
VLAI
Details

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data.

This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T16:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data.\n\nThis vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information.\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\u0026nbsp;",
  "id": "GHSA-qw62-27cx-6cqg",
  "modified": "2024-11-15T18:30:50Z",
  "published": "2024-11-15T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20039"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2Q6-XHR4-WGJW

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20
VLAI
Details

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-08T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.",
  "id": "GHSA-r2q6-xhr4-wgjw",
  "modified": "2022-05-24T19:20:05Z",
  "published": "2022-05-24T19:20:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31600"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/hirt/security/index.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164787/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-User-Enumeration.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R4V4-W9PV-6FPH

Vulnerability from github – Published: 2024-07-05 03:30 – Updated: 2025-11-04 19:46
VLAI
Summary
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Details

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "cinder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "24.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glance"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "28.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nova"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "29.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-08T19:04:07Z",
    "nvd_published_at": "2024-07-05T02:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file\u0027s contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.",
  "id": "GHSA-r4v4-w9pv-6fph",
  "modified": "2025-11-04T19:46:52Z",
  "published": "2024-07-05T03:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/2059809"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2024-001.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2024/07/02/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/07/02/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access"
}

GHSA-R93W-724G-3J3H

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-17T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.",
  "id": "GHSA-r93w-724g-3j3h",
  "modified": "2022-05-24T17:34:28Z",
  "published": "2022-05-24T17:34:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26549"
    },
    {
      "type": "WEB",
      "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RCV3-6PGV-6P72

Vulnerability from github – Published: 2024-01-23 21:30 – Updated: 2025-06-17 18:31
VLAI
Details

A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-47202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-23T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-rcv3-6pgv-6p72",
  "modified": "2025-06-17T18:31:31Z",
  "published": "2024-01-23T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47202"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1621"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF8V-2CG8-2C3M

Vulnerability from github – Published: 2026-02-04 00:30 – Updated: 2026-02-04 00:30
VLAI
Details

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-37082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T22:16:23Z",
    "severity": "HIGH"
  },
  "details": "webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.",
  "id": "GHSA-rf8v-2cg8-2c3m",
  "modified": "2026-02-04T00:30:29Z",
  "published": "2026-02-04T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37082"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/projects/web-erp"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/48420"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/weberp-unauthenticated-backup-file-access"
    },
    {
      "type": "WEB",
      "url": "http://www.weberp.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.