Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-769Q-5WW3-V8WW

Vulnerability from github – Published: 2023-12-26 21:30 – Updated: 2024-01-05 15:30
VLAI
Details

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-26T19:15:08Z",
    "severity": "HIGH"
  },
  "details": "The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.",
  "id": "GHSA-769q-5ww3-v8ww",
  "modified": "2024-01-05T15:30:24Z",
  "published": "2023-12-26T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6114"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77X4-9G68-7HXR

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-05-25 00:00
VLAI
Details

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-03T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.",
  "id": "GHSA-77x4-9g68-7hxr",
  "modified": "2022-05-25T00:00:20Z",
  "published": "2022-05-24T17:07:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3926"
    },
    {
      "type": "WEB",
      "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
    },
    {
      "type": "WEB",
      "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-789C-4PGV-92RH

Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-26 00:03
VLAI
Details

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2392"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-22T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with \"Contributor\" permissions or higher.",
  "id": "GHSA-789c-4pgv-92rh",
  "modified": "2022-08-26T00:03:36Z",
  "published": "2022-08-23T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2392"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7C72-6V53-XQ93

Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-07 12:00
VLAI
Details

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-03T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.",
  "id": "GHSA-7c72-6v53-xq93",
  "modified": "2022-11-07T12:00:35Z",
  "published": "2022-11-04T12:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43449"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G45-4RM6-3MM3

Vulnerability from github – Published: 2023-06-14 18:30 – Updated: 2025-11-04 16:44
VLAI
Summary
Guava vulnerable to insecure use of temporary directory
Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.google.guava:guava"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "32.0.0-android"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-2976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-14T21:01:07Z",
    "nvd_published_at": "2023-06-14T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.",
  "id": "GHSA-7g45-4rm6-3mm3",
  "modified": "2025-11-04T16:44:26Z",
  "published": "2023-06-14T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/issues/2575"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/issues/6532"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/google/guava"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/releases/tag/v32.0.0"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0008"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241108-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Guava vulnerable to insecure use of temporary directory"
}

GHSA-7GVX-RVMQ-CW57

Vulnerability from github – Published: 2025-05-19 06:30 – Updated: 2025-05-19 06:30
VLAI
Details

A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-19T04:15:42Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-7gvx-rvmq-cw57",
  "modified": "2025-05-19T06:30:35Z",
  "published": "2025-05-19T06:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4909"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dengxun628/cve/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.309466"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.309466"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.578723"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7QQR-WWJQ-98V6

Vulnerability from github – Published: 2022-09-29 00:00 – Updated: 2022-10-01 00:00
VLAI
Details

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-28T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.",
  "id": "GHSA-7qqr-wwjq-98v6",
  "modified": "2022-10-01T00:00:21Z",
  "published": "2022-09-29T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3287"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7R68-66H2-V7F6

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-06-29 00:00
VLAI
Details

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.",
  "id": "GHSA-7r68-66h2-v7f6",
  "modified": "2022-06-29T00:00:44Z",
  "published": "2022-05-24T19:15:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22015"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VC2-X95V-G6M9

Vulnerability from github – Published: 2026-06-22 15:30 – Updated: 2026-06-22 18:34
VLAI
Details

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-22T14:16:24Z",
    "severity": "HIGH"
  },
  "details": "GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.",
  "id": "GHSA-7vc2-x95v-g6m9",
  "modified": "2026-06-22T18:34:11Z",
  "published": "2026-06-22T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66389"
    },
    {
      "type": "WEB",
      "url": "https://blindcyber.com/2025/10/28/copilot-fun"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/vscode-copilot-chat"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/vscode/blob/03baef1008086ed4960042fa463e570072173bb5/src/vs/workbench/contrib/chat/electron-browser/tools/fetchPageTool.ts#L152"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XFV-PF6F-P6V2

Vulnerability from github – Published: 2023-08-04 00:30 – Updated: 2025-05-19 21:30
VLAI
Details

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T23:15:11Z",
    "severity": "HIGH"
  },
  "details": "Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.",
  "id": "GHSA-7xfv-pf6f-p6v2",
  "modified": "2025-05-19T21:30:27Z",
  "published": "2023-08-04T00:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38952"
    },
    {
      "type": "WEB",
      "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38952"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omair2084/biotime-rce-8.5.5/blob/main/biotime_enum.py"
    },
    {
      "type": "WEB",
      "url": "https://krashconsulting.com/fury-of-fingers-biotime-rce"
    },
    {
      "type": "WEB",
      "url": "https://sploitus.com/exploit?id=PACKETSTORM:177859"
    },
    {
      "type": "WEB",
      "url": "http://zkteco.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.