CWE-538
AllowedInsertion of Sensitive Information into Externally-Accessible File or Directory
Abstraction: Base · Status: Draft
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
155 vulnerabilities reference this CWE, most recent first.
GHSA-C3F5-RVXJ-625X
Vulnerability from github – Published: 2025-01-27 15:30 – Updated: 2026-04-01 18:33Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12.
{
"affected": [],
"aliases": [
"CVE-2025-24689"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z",
"severity": "MODERATE"
},
"details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12.",
"id": "GHSA-c3f5-rvxj-625x",
"modified": "2026-04-01T18:33:29Z",
"published": "2025-01-27T15:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24689"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C65R-5X48-PVC5
Vulnerability from github – Published: 2025-11-15 00:30 – Updated: 2025-11-15 00:30TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.
{
"affected": [],
"aliases": [
"CVE-2021-4471"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-14T23:15:43Z",
"severity": "HIGH"
},
"details": "TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading to loss of confidentiality and further unauthorized access.",
"id": "GHSA-c65r-5x48-pvc5",
"modified": "2025-11-15T00:30:26Z",
"published": "2025-11-15T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4471"
},
{
"type": "WEB",
"url": "https://ssd-disclosure.com/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20211024224240/http://www.tg8security.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/tg8-firewall-unauthenticated-user-password-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CCF8-539P-4GC2
Vulnerability from github – Published: 2026-06-12 21:31 – Updated: 2026-06-12 21:31During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.
{
"affected": [],
"aliases": [
"CVE-2026-50099"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-12T19:16:29Z",
"severity": "MODERATE"
},
"details": "During WiFi association, Naxclow device firmware prints the host network\u2019s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.",
"id": "GHSA-ccf8-539p-4gc2",
"modified": "2026-06-12T21:31:44Z",
"published": "2026-06-12T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50099"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CJ2C-WH4J-HW39
Vulnerability from github – Published: 2026-02-11 15:30 – Updated: 2026-06-04 09:30Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo j-Platform: from 3.29.6.4 through 13112025.
{
"affected": [],
"aliases": [
"CVE-2025-12059"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T15:16:12Z",
"severity": "CRITICAL"
},
"details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo j-Platform: from 3.29.6.4 through 13112025.",
"id": "GHSA-cj2c-wh4j-hw39",
"modified": "2026-06-04T09:30:34Z",
"published": "2026-02-11T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12059"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0061"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-26-0061"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CM9X-C3RH-7RC4
Vulnerability from github – Published: 2022-12-29 01:49 – Updated: 2022-12-29 01:49Impact
It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry.
Note: because the pod author is in control of the container's /etc/passwd, this is not considered a new risk factor. However, this advisory is being opened for transparency and as a way of tracking fixes.
Patches
1.26.0 will have the fix. More patches will be posted as they're available.
Workarounds
Additional security controls like SELinux should prevent any damage a container is able to do with root on the host. Using SELinux is recommended because this class of attack is already possible by manually editing the container's /etc/passwd
References
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cri-o/cri-o"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-4318"
],
"database_specific": {
"cwe_ids": [
"CWE-538",
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-29T01:49:47Z",
"nvd_published_at": "2023-09-25T20:15:10Z",
"severity": "MODERATE"
},
"details": "### Impact\nIt is possible to craft an environment variable with newlines to add entries to a container\u0027s /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry.\n\nNote: because the pod author is in control of the container\u0027s /etc/passwd, this is not considered a new risk factor. However, this advisory is being opened for transparency and as a way of tracking fixes.\n\n### Patches\n1.26.0 will have the fix. More patches will be posted as they\u0027re available.\n\n### Workarounds\nAdditional security controls like SELinux should prevent any damage a container is able to do with root on the host. Using SELinux is recommended because this class of attack is already possible by manually editing the container\u0027s /etc/passwd \n\n### References\n",
"id": "GHSA-cm9x-c3rh-7rc4",
"modified": "2022-12-29T01:49:47Z",
"published": "2022-12-29T01:49:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-cm9x-c3rh-7rc4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4318"
},
{
"type": "WEB",
"url": "https://github.com/cri-o/cri-o/pull/6450"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:1033"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:1503"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-4318"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152703"
},
{
"type": "PACKAGE",
"url": "https://github.com/cri-o/cri-o"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation"
}
GHSA-CQVC-JXXJ-VHF8
Vulnerability from github – Published: 2025-11-11 06:30 – Updated: 2026-04-08 18:33The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.
{
"affected": [],
"aliases": [
"CVE-2025-11891"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T04:15:44Z",
"severity": "MODERATE"
},
"details": "The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.",
"id": "GHSA-cqvc-jxxj-vhf8",
"modified": "2026-04-08T18:33:58Z",
"published": "2025-11-11T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11891"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/shelf-planner"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/shelf-planner/#developers"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17f17cae-f444-4fa1-9090-ec6ea267ef2e?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CRHQ-582W-H987
Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.
{
"affected": [],
"aliases": [
"CVE-2024-22433"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T07:15:11Z",
"severity": "HIGH"
},
"details": "\nDell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.\n\n",
"id": "GHSA-crhq-582w-h987",
"modified": "2024-02-06T09:31:38Z",
"published": "2024-02-06T09:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22433"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000221720/dsa-2024-063-security-update-for-dell-data-protection-search-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F9C8-6HR7-729R
Vulnerability from github – Published: 2026-02-11 21:30 – Updated: 2026-02-11 21:30ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
{
"affected": [],
"aliases": [
"CVE-2020-37104"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T21:16:08Z",
"severity": "HIGH"
},
"details": "ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.",
"id": "GHSA-f9c8-6hr7-729r",
"modified": "2026-02-11T21:30:40Z",
"published": "2026-02-11T21:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37104"
},
{
"type": "WEB",
"url": "https://github.com/iNextrix/ASTPP"
},
{
"type": "WEB",
"url": "https://www.astppbilling.org"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/47900"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/astpp-voip-billing-database-backup-download"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FGPG-F5RM-P28P
Vulnerability from github – Published: 2026-07-13 09:31 – Updated: 2026-07-13 09:31A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information (PII) and secrets, to persistent logs. This sensitive data, including bearer tokens and chat content, can be accessed by any user with logging privileges. This vulnerability leads to information disclosure, potentially allowing an attacker to harvest credentials and sensitive conversation content.
{
"affected": [],
"aliases": [
"CVE-2026-15574"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T09:16:24Z",
"severity": "HIGH"
},
"details": "A flaw was found in the vllm-orchestrator-gateway component. The system\u0027s production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information (PII) and secrets, to persistent logs. This sensitive data, including bearer tokens and chat content, can be accessed by any user with logging privileges. This vulnerability leads to information disclosure, potentially allowing an attacker to harvest credentials and sensitive conversation content.",
"id": "GHSA-fgpg-f5rm-p28p",
"modified": "2026-07-13T09:31:43Z",
"published": "2026-07-13T09:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15574"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-15574"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2499594"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FGXX-CH38-43GW
Vulnerability from github – Published: 2022-05-14 03:09 – Updated: 2022-05-14 03:09The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
{
"affected": [],
"aliases": [
"CVE-2017-5387"
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "LOW"
},
"details": "The existence of a specifically requested local file can be found due to the double firing of the \"onerror\" when the \"source\" attribute on a \"\u003ctrack\u003e\" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox \u003c 51.",
"id": "GHSA-fgxx-ch38-43gw",
"modified": "2022-05-14T03:09:40Z",
"published": "2022-05-14T03:09:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5387"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1295023"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95763"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Do not expose file and directory information to the user.
CAPEC-95: WSDL Scanning
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.