CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-5RQP-847G-V4F2
Vulnerability from github – Published: 2022-12-12 03:31 – Updated: 2025-04-23 15:30The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.
{
"affected": [],
"aliases": [
"CVE-2022-45227"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-12T03:15:00Z",
"severity": "HIGH"
},
"details": "The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.",
"id": "GHSA-5rqp-847g-v4f2",
"modified": "2025-04-23T15:30:41Z",
"published": "2022-12-12T03:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45227"
},
{
"type": "WEB",
"url": "https://sectrio.com/vulnerability-research/cve-2022-45227"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5V46-5C9P-J4MG
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
{
"affected": [],
"aliases": [
"CVE-2018-10869"
],
"database_specific": {
"cwe_ids": [
"CWE-552",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-19T22:29:00Z",
"severity": "HIGH"
},
"details": "redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.",
"id": "GHSA-5v46-5c9p-j4mg",
"modified": "2022-05-13T01:34:56Z",
"published": "2022-05-13T01:34:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10869"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2373"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2018-10869"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593780"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105061"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5VM6-MM87-JJV8
Vulnerability from github – Published: 2022-08-02 00:00 – Updated: 2022-08-05 00:00The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
{
"affected": [],
"aliases": [
"CVE-2022-1585"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-01T13:15:00Z",
"severity": "HIGH"
},
"details": "The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.",
"id": "GHSA-5vm6-mm87-jjv8",
"modified": "2022-08-05T00:00:24Z",
"published": "2022-08-02T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1585"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5W78-C46H-GQXQ
Vulnerability from github – Published: 2023-01-23 15:30 – Updated: 2023-01-30 18:30The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.
{
"affected": [],
"aliases": [
"CVE-2022-4346"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-23T15:15:00Z",
"severity": "MODERATE"
},
"details": "The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.",
"id": "GHSA-5w78-c46h-gqxq",
"modified": "2023-01-30T18:30:22Z",
"published": "2023-01-23T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4346"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/cc05f760-983d-4dc1-afbb-6b4965aa8abe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-64GV-3PQV-299H
Vulnerability from github – Published: 2021-05-07 15:54 – Updated: 2021-05-05 22:31By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.wicket:wicket-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.17.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.wicket:wicket-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.wicket:wicket-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M1"
},
{
"fixed": "9.0.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.0-M1"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.wicket:wicket-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M2"
},
{
"fixed": "9.0.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.0-M2"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.wicket:wicket-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M3"
},
{
"fixed": "9.0.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.0-M3"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.wicket:wicket-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M4"
},
{
"fixed": "9.0.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.0-M4"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.wicket:wicket-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M5"
},
{
"fixed": "9.0.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.0-M5"
]
}
],
"aliases": [
"CVE-2020-11976"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-05T22:31:00Z",
"nvd_published_at": "2020-08-11T19:15:00Z",
"severity": "HIGH"
},
"details": "By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5",
"id": "GHSA-64gv-3pqv-299h",
"modified": "2021-05-05T22:31:00Z",
"published": "2021-05-07T15:54:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11976"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49@%3Cdev.directory.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19@%3Cdev.directory.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7@%3Ccommits.directory.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22@%3Cdev.directory.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff@%3Cdev.directory.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923@%3Cdev.directory.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1@%3Cdev.directory.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket"
}
GHSA-66RX-339R-MM8J
Vulnerability from github – Published: 2023-02-06 15:30 – Updated: 2023-02-15 00:30CRMEB 4.4.4 is vulnerable to Any File download.
{
"affected": [],
"aliases": [
"CVE-2022-44343"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T14:15:00Z",
"severity": "HIGH"
},
"details": "CRMEB 4.4.4 is vulnerable to Any File download.",
"id": "GHSA-66rx-339r-mm8j",
"modified": "2023-02-15T00:30:39Z",
"published": "2023-02-06T15:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44343"
},
{
"type": "WEB",
"url": "https://gist.github.com/Nmslgkd/442d8055914887d7c99c4e70a63da4c2"
},
{
"type": "WEB",
"url": "https://github.com/crmeb/CRMEB"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-66VJ-P7RX-6JRR
Vulnerability from github – Published: 2022-01-19 00:00 – Updated: 2022-01-26 00:03An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.
{
"affected": [],
"aliases": [
"CVE-2022-0244"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-18T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.",
"id": "GHSA-66vj-p7rx-6jrr",
"modified": "2022-01-26T00:03:10Z",
"published": "2022-01-19T00:00:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0244"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1439593"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0244.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/349524"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6769-R74J-4RX4
Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2024-11-07 12:30Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3.
{
"affected": [],
"aliases": [
"CVE-2024-10526"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-07T11:15:03Z",
"severity": "HIGH"
},
"details": "Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor\u0027s files. By modifying Velociraptor\u0027s files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.\u00a0 This issue is fixed in version 0.73.3.",
"id": "GHSA-6769-r74j-4rx4",
"modified": "2024-11-07T12:30:35Z",
"published": "2024-11-07T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10526"
},
{
"type": "WEB",
"url": "https://docs.velociraptor.app/announcements/2024-cves"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Red",
"type": "CVSS_V4"
}
]
}
GHSA-67Q5-5XJ6-VP4M
Vulnerability from github – Published: 2023-01-04 21:30 – Updated: 2024-10-16 12:30A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server.
{
"affected": [],
"aliases": [
"CVE-2022-45052"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-04T19:15:00Z",
"severity": "MODERATE"
},
"details": "A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server.",
"id": "GHSA-67q5-5xj6-vp4m",
"modified": "2024-10-16T12:30:47Z",
"published": "2023-01-04T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45052"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/CVE-2022-45052"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/DIVD-2022-00064"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-67QR-87V5-R3G3
Vulnerability from github – Published: 2025-02-12 18:31 – Updated: 2025-02-19 21:31In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.
{
"affected": [],
"aliases": [
"CVE-2024-11629"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T17:15:22Z",
"severity": "HIGH"
},
"details": "In Progress\u00ae Telerik\u00ae Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.",
"id": "GHSA-67qr-87v5-r3g3",
"modified": "2025-02-19T21:31:36Z",
"published": "2025-02-12T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11629"
},
{
"type": "WEB",
"url": "https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.