Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-89J4-2255-GQ9X

Vulnerability from github – Published: 2025-05-27 21:32 – Updated: 2025-05-27 21:32
VLAI
Details

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-27T19:15:25Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.",
  "id": "GHSA-89j4-2255-gq9x",
  "modified": "2025-05-27T21:32:16Z",
  "published": "2025-05-27T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45529"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/sec-Kode/000fbab6dc649888bc196e76a4076b57"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sec-Kode/cve/blob/main/cve2.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8CVQ-3JJP-PH9P

Vulnerability from github – Published: 2025-01-14 18:31 – Updated: 2025-01-14 20:07
VLAI
Summary
Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability
Details

Affected versions:

  • Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0

Description:

In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.6.0 will be affected.

We recommend users upgrade the version of Linkis to version 1.7.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.linkis:linkis-metadata-query-service-jdbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.5.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45627"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-14T20:07:31Z",
    "nvd_published_at": "2025-01-14T17:15:17Z",
    "severity": "MODERATE"
  },
  "details": "# Affected versions:\n\n- Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0\n\n# Description:\n\nIn Apache Linkis \u003c1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis \u003c 1.6.0 will be affected.\n\nWe recommend users upgrade the version of Linkis to version 1.7.0.",
  "id": "GHSA-8cvq-3jjp-ph9p",
  "modified": "2025-01-14T20:07:31Z",
  "published": "2025-01-14T18:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45627"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/linkis"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/0zzx8lldwoqgzq98mg61hojgpvn76xsh"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/01/14/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability"
}

GHSA-8CXW-WVHC-P4X4

Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-10-21 13:00
VLAI
Summary
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
Details

Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. NUnit Plugin 0.28 changes the message type from agent-to-controller to controller-to-agent, preventing execution on the controller.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.27"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:nunit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-43414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-693"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-19T22:24:14Z",
    "nvd_published_at": "2022-10-19T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. NUnit Plugin 0.28 changes the message type from agent-to-controller to controller-to-agent, preventing execution on the controller.",
  "id": "GHSA-8cxw-wvhc-p4x4",
  "modified": "2022-10-21T13:00:27Z",
  "published": "2022-10-19T19:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43414"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/nunit-plugin/commit/e97a5aa804019ab345f50014f56ece23882c7475"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure"
}

GHSA-8FG7-HP93-QHVR

Vulnerability from github – Published: 2024-05-15 20:02 – Updated: 2024-05-16 14:11
VLAI
Summary
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Details

Summary

A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com.

Details

Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. There’s a central function GetGitAuth:

https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22

This looks for a GitHub token in the environment variable GITHUB_TOKEN and returns it as an HTTP basic auth object to be used with the github.com/go-git/go-git/v5 library.

Most callers (direct or indirect) of GetGitAuth use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com.

Issue 1

One of these callers processed git URLs from Melange package configurations, cloning the package’s upstream repository in order to determine which project dependencies have been upgraded since the prior update.

https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49

This issue affects the command wolfictl check update, and the set of remote git hosts is a function of the Melange package configuration files residing in the local directory specified in the command.

Issue 2

Another caller processes a git URL received as a command line argument and clones the repository to look for new available versions of the given project.

https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143

This issue affects the command wolfictl update.


This behavior has existed in one form or another since https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023.

PoC

GITHUB_TOKEN=test wolfictl update http://git.example.com/

Examining traffic sent to the remote server will show that the HTTP Authorization header contains test in base64 encoded format.

Impact

This impacts anyone who ran the wolfictl check update commands with a Melange configuration that included a git-checkout directive step that referenced a git repository not hosted on github.com.

This also impacts anyone who ran wolfictl update <url> with a remote URL outside of github.com.

Additionally, these subcommands must have run with the GITHUB_TOKEN environment variable set to a valid GitHub token.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/wolfi-dev/wolfictl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.16.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-35183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T20:02:14Z",
    "nvd_published_at": "2024-05-15T22:15:08Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nA git authentication issue allows a local user\u2019s GitHub token to be sent to remote servers other than `github.com`.\n\n### Details\n\nMost git-dependent functionality in wolfictl relies on its own `git` package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. There\u2019s a central function `GetGitAuth`:\n\nhttps://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22\n\nThis looks for a GitHub token in the environment variable `GITHUB_TOKEN` and returns it as an HTTP basic auth object to be used with the `github.com/go-git/go-git/v5` library.\n\nMost callers (direct or indirect) of `GetGitAuth` use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com.\n\n#### Issue 1\n\nOne of these callers processed git URLs from Melange package configurations, cloning the package\u2019s upstream repository in order to determine which project dependencies have been upgraded since the prior update.\n\nhttps://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49\n\nThis issue affects the command `wolfictl check update`, and the set of remote git hosts is a function of the Melange package configuration files residing in the local directory specified in the command.\n\n#### Issue 2\n\nAnother caller processes a git URL received as a command line argument and clones the repository to look for new available versions of the given project.\n\nhttps://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143\n\nThis issue affects the command `wolfictl update`.\n\n---\n\nThis behavior has existed in one form or another since https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023.\n\n### PoC\n\n```shell\nGITHUB_TOKEN=test wolfictl update http://git.example.com/\n```\n\nExamining traffic sent to the remote server will show that the HTTP `Authorization` header contains `test` in base64 encoded format.\n\n### Impact\n\nThis impacts anyone who ran the `wolfictl check update` commands with a Melange configuration that included a `git-checkout` directive step that referenced a git repository not hosted on github.com. \n\nThis also impacts anyone who ran `wolfictl update \u003curl\u003e` with a remote URL outside of github.com. \n\nAdditionally, these subcommands must have run with the `GITHUB_TOKEN` environment variable set to a valid GitHub token.\n",
  "id": "GHSA-8fg7-hp93-qhvr",
  "modified": "2024-05-16T14:11:10Z",
  "published": "2024-05-15T20:02:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/wolfi-dev/wolfictl/security/advisories/GHSA-8fg7-hp93-qhvr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35183"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfi-dev/wolfictl/commit/403e93569f46766b4e26e06cf9cd0cae5ee0c2a2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wolfi-dev/wolfictl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "wolfictl leaks GitHub tokens to remote non-GitHub git servers"
}

GHSA-8FX8-PFFW-W498

Vulnerability from github – Published: 2025-01-03 16:24 – Updated: 2025-01-03 19:26
VLAI
Summary
SiYuan has an arbitrary file deletion vulnerability
Details

Summary

A arbitrary file deletion vulnerability has been identified in the latest version of Siyuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint.An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server.

Details

The vulnerability can be reproduced by sending a crafted request to the /api/history/getDocHistoryContent endpoint.

Sending a request to the /api/history/getDocHistoryContent like:

curl "http://127.0.0.1:6806/api/history/getDocHistoryContent" -X POST -H "Content-Type: application/json" -d '{"historyPath":"<abs_filepath_of_a_file>"}'

Replace <abs_filepath_of_a_file> with the absolute file path of the target file you wish to delete.

The historyPath parameter in the payload is processed by the func getDocHistoryContent in api/history.go:133.

In turn, historyPath is passed to the func GetDocHistoryContent located in model/history.go:150 , which is the slink of the vulnerability.

if historyPath exists and does not satisfy the filesys.ParseJSONWithoutFix, then it will be deleted by os.RemoveAll

func GetDocHistoryContent(historyPath, keyword string, highlight bool) (id, rootID, content string, isLargeDoc bool, err error) {
    if !gulu.File.IsExist(historyPath) {
        logging.LogWarnf("doc history [%s] not exist", historyPath)
        return
    }

    data, err := filelock.ReadFile(historyPath)
    if err != nil {
        logging.LogErrorf("read file [%s] failed: %s", historyPath, err)
        return
    }
    isLargeDoc = 1024*1024*1 <= len(data)

    luteEngine := NewLute()
    historyTree, err := filesys.ParseJSONWithoutFix(data, luteEngine.ParseOptions)
    if err != nil {
        logging.LogErrorf("parse tree from file [%s] failed, remove it", historyPath)
        os.RemoveAll(historyPath)
        return
    }
    ...
}

PoC

curl "http://127.0.0.1:6806/api/history/getDocHistoryContent" -X POST -H "Content-Type: application/json" -d '{"historyPath":"<abs_filepath_of_a_file>"}'

Impact

arbitrary file deletion vulnerability

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 0.0.0-20250103014808-d9887aeec1b2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-21609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-03T16:24:34Z",
    "nvd_published_at": "2025-01-03T17:15:09Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA **arbitrary file deletion vulnerability** has been identified in the latest version of Siyuan Note. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint.An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server.\n\n### Details\nThe vulnerability can be reproduced by sending a crafted request to the `/api/history/getDocHistoryContent` endpoint.\n\nSending a request  to the `/api/history/getDocHistoryContent` like:\n\n```\ncurl \"http://127.0.0.1:6806/api/history/getDocHistoryContent\" -X POST -H \"Content-Type: application/json\" -d \u0027{\"historyPath\":\"\u003cabs_filepath_of_a_file\u003e\"}\u0027\n```\n\nReplace `\u003cabs_filepath_of_a_file\u003e` with the absolute file path of the target file you wish to delete.\n\n\n\nThe `historyPath` parameter in the payload is processed by the `func getDocHistoryContent` in `api/history.go:133`.\n\nIn turn, `historyPath` is passed to the `func GetDocHistoryContent`  located in `model/history.go:150` , which is the slink of the vulnerability.\n\nif `historyPath` exists and does not satisfy the `filesys.ParseJSONWithoutFix`, then it will be deleted by `os.RemoveAll`\n\n```go\nfunc GetDocHistoryContent(historyPath, keyword string, highlight bool) (id, rootID, content string, isLargeDoc bool, err error) {\n\tif !gulu.File.IsExist(historyPath) {\n\t\tlogging.LogWarnf(\"doc history [%s] not exist\", historyPath)\n\t\treturn\n\t}\n\n\tdata, err := filelock.ReadFile(historyPath)\n\tif err != nil {\n\t\tlogging.LogErrorf(\"read file [%s] failed: %s\", historyPath, err)\n\t\treturn\n\t}\n\tisLargeDoc = 1024*1024*1 \u003c= len(data)\n\n\tluteEngine := NewLute()\n\thistoryTree, err := filesys.ParseJSONWithoutFix(data, luteEngine.ParseOptions)\n\tif err != nil {\n\t\tlogging.LogErrorf(\"parse tree from file [%s] failed, remove it\", historyPath)\n\t\tos.RemoveAll(historyPath)\n\t\treturn\n\t}\n\t...\n}\n```\n\n\n\n### PoC\n```\ncurl \"http://127.0.0.1:6806/api/history/getDocHistoryContent\" -X POST -H \"Content-Type: application/json\" -d \u0027{\"historyPath\":\"\u003cabs_filepath_of_a_file\u003e\"}\u0027\n```\n\n### Impact\narbitrary file deletion vulnerability\n",
  "id": "GHSA-8fx8-pffw-w498",
  "modified": "2025-01-03T19:26:05Z",
  "published": "2025-01-03T16:24:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21609"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SiYuan has an arbitrary file deletion vulnerability"
}

GHSA-8GC3-XQ83-PHWW

Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-05 00:00
VLAI
Details

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-29T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.",
  "id": "GHSA-8gc3-xq83-phww",
  "modified": "2022-10-05T00:00:40Z",
  "published": "2022-09-30T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40126"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Fndroid/clash_for_windows_pkg/issues/3405"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8GX2-FCJG-WFJV

Vulnerability from github – Published: 2024-09-10 21:31 – Updated: 2024-09-10 21:31
VLAI
Details

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T20:15:05Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-8gx2-fcjg-wfjv",
  "modified": "2024-09-10T21:31:40Z",
  "published": "2024-09-10T21:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8655"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.276963"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.276963"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.401301"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8J4V-G972-GJ5H

Vulnerability from github – Published: 2022-01-11 00:00 – Updated: 2022-01-15 00:03
VLAI
Details

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:12:00Z",
    "severity": "MODERATE"
  },
  "details": "An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.",
  "id": "GHSA-8j4v-g972-gj5h",
  "modified": "2022-01-15T00:03:21Z",
  "published": "2022-01-11T00:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22270"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8M6J-C7JR-PC5F

Vulnerability from github – Published: 2022-08-29 20:06 – Updated: 2022-09-08 00:00
VLAI
Details

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-29T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.",
  "id": "GHSA-8m6j-c7jr-pc5f",
  "modified": "2022-09-08T00:00:33Z",
  "published": "2022-08-29T20:06:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1117"
    },
    {
      "type": "WEB",
      "url": "https://github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:1898"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:4824"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1117"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066904"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2068171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M84-H9HH-3CFH

Vulnerability from github – Published: 2024-08-21 12:30 – Updated: 2024-08-21 20:10
VLAI
Summary
Apache SeaTunnel SQL Injection vulnerability
Details

Mysql security vulnerability in Apache SeaTunnel.

Attackers can read files on the MySQL server by modifying the information in the MySQL URL

allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0.

Users are recommended to upgrade to version [1.0.1], which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.seatunnel:seatunnel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-21T20:10:12Z",
    "nvd_published_at": "2024-08-21T10:15:04Z",
    "severity": "HIGH"
  },
  "details": "Mysql security vulnerability in Apache SeaTunnel.\n\nAttackers can read files on the MySQL server by modifying the information in the MySQL URL\n\n allowLoadLocalInfile=true\u0026allowUrlInLocalInfile=true\u0026allowLoadLocalInfileInPath=/\u0026maxAllowedPacket=655360\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version [1.0.1], which fixes the issue.",
  "id": "GHSA-8m84-h9hh-3cfh",
  "modified": "2024-08-21T20:10:12Z",
  "published": "2024-08-21T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49198"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/seatunnel"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08h"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache SeaTunnel SQL Injection vulnerability"
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.