Common Weakness Enumeration

CWE-538

Allowed

Insertion of Sensitive Information into Externally-Accessible File or Directory

Abstraction: Base · Status: Draft

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

155 vulnerabilities reference this CWE, most recent first.

GHSA-WG43-7Q89-Q52R

Vulnerability from github – Published: 2025-04-01 21:31 – Updated: 2026-04-23 15:36
VLAI
Details

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T21:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3.",
  "id": "GHSA-wg43-7q89-q52r",
  "modified": "2026-04-23T15:36:47Z",
  "published": "2025-04-01T21:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31550"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wp-less/vulnerability/wordpress-wp-less-plugin-1-9-3-3-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WG4M-R562-77PW

Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-04-13 00:01
VLAI
Details

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions \u003c V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions \u003c V16 Update 5), SIMATIC WinCC V17 (All versions \u003c V17 Update 2), SIMATIC WinCC V17 (All versions \u003e= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system.",
  "id": "GHSA-wg4m-r562-77pw",
  "modified": "2022-04-13T00:01:11Z",
  "published": "2022-02-10T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40363"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHH3-H44P-CPV9

Vulnerability from github – Published: 2025-01-15 18:30 – Updated: 2026-04-01 18:33
VLAI
Details

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through 1.0.19.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22773"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T16:15:40Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through 1.0.19.",
  "id": "GHSA-whh3-h44p-cpv9",
  "modified": "2026-04-01T18:33:09Z",
  "published": "2025-01-15T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22773"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/htaccess-file-editor/vulnerability/wordpress-htaccess-file-editor-1-0-19-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGGC-QPRG-X6MW

Vulnerability from github – Published: 2022-06-23 17:40 – Updated: 2022-06-23 17:40
VLAI
Summary
Weave GitOps leaked cluster credentials into logs on connection errors
Details

Impact

A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster.

This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters.

A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters.

Patches

This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version >= v0.8.1-rc.6 released on 31/05/2022.

Workarounds

There is no workaround for this vulnerability.

References

Disclosed by Stefan Prodan, Principal Engineer, Weaveworks.

For more information

If you have any questions or comments about this advisory: * Open an issue in Weave GitOps repository * Email us at support@weave.works

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.8.1-rc.5"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/weaveworks/weave-gitops"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.1-rc.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-209",
      "CWE-532",
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-23T17:40:34Z",
    "nvd_published_at": "2022-06-27T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nA vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps\u0027s pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster.\n\nThis vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters.\n\nA successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters.\n\n### Patches\nThis vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version \u003e= v0.8.1-rc.6 released on 31/05/2022.\n\n### Workarounds\nThere is no workaround for this vulnerability.\n\n### References\nDisclosed by Stefan Prodan, Principal Engineer, Weaveworks.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops)\n* Email us at [support@weave.works](mailto:support@weave.works)\n",
  "id": "GHSA-xggc-qprg-x6mw",
  "modified": "2022-06-23T17:40:34Z",
  "published": "2022-06-23T17:40:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-xggc-qprg-x6mw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31098"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaveworks/weave-gitops/commit/567356f471353fb5c676c77f5abc2a04631d50ca"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/weaveworks/weave-gitops"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Weave GitOps leaked cluster credentials into logs on connection errors"
}

GHSA-XM94-9JW8-P6HW

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-06-28 23:09
VLAI
Summary
Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin
Details

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.1.18"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:credentials"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-28T23:09:37Z",
    "nvd_published_at": "2019-05-21T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.",
  "id": "GHSA-xm94-9jw8-p6hw",
  "modified": "2022-06-28T23:09:37Z",
  "published": "2022-05-24T16:46:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10320"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/credentials-plugin/commit/40d0b5cc53c265b601ffaa4469310fad390a80fb"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:1605"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1636"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322"
    },
    {
      "type": "WEB",
      "url": "https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/May/39"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/21/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108462"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin"
}

Mitigation
Architecture and Design Operation System Configuration

Do not expose file and directory information to the user.

CAPEC-95: WSDL Scanning

This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.