Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-4X9C-4G9P-35RM

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-16T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.",
  "id": "GHSA-4x9c-4g9p-35rm",
  "modified": "2022-05-24T17:44:39Z",
  "published": "2022-05-24T17:44:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3897"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5272-PF3M-MJF3

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-12T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log \u0026 Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.",
  "id": "GHSA-5272-pf3m-mjf3",
  "modified": "2022-05-13T01:50:27Z",
  "published": "2022-05-13T01:50:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16946"
    },
    {
      "type": "WEB",
      "url": "https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45394"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-529R-WPPW-C5CH

Vulnerability from github – Published: 2023-12-14 18:30 – Updated: 2023-12-14 18:30
VLAI
Details

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-48661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-14T16:15:49Z",
    "severity": "MODERATE"
  },
  "details": "\nDell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.\n\n",
  "id": "GHSA-529r-wppw-c5ch",
  "modified": "2023-12-14T18:30:20Z",
  "published": "2023-12-14T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48661"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-53H8-W7QC-W9RQ

Vulnerability from github – Published: 2026-01-13 21:31 – Updated: 2026-01-13 21:31
VLAI
Details

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37168"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T20:16:04Z",
    "severity": "HIGH"
  },
  "details": "Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.",
  "id": "GHSA-53h8-w7qc-w9rq",
  "modified": "2026-01-13T21:31:44Z",
  "published": "2026-01-13T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37168"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us\u0026docLocale=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54MQ-99QQ-7HR5

Vulnerability from github – Published: 2025-05-28 18:33 – Updated: 2025-10-22 00:33
VLAI
Details

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-528",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-28T17:15:25Z",
    "severity": "MODERATE"
  },
  "details": "The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.",
  "id": "GHSA-54mq-99qq-7hr5",
  "modified": "2025-10-22T00:33:18Z",
  "published": "2025-05-28T18:33:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48928"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48928"
    },
    {
      "type": "WEB",
      "url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5553-RF4F-G9QC

Vulnerability from github – Published: 2025-02-24 15:30 – Updated: 2026-06-01 15:30
VLAI
Details

Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-24T15:15:12Z",
    "severity": "HIGH"
  },
  "details": "Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.",
  "id": "GHSA-5553-rf4f-g9qc",
  "modified": "2026-06-01T15:30:32Z",
  "published": "2025-02-24T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12917"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0042"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-25-0042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-56QR-6HFH-52CG

Vulnerability from github – Published: 2022-05-21 00:00 – Updated: 2022-06-03 00:00
VLAI
Details

Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-20T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company\u0027s Hover Effects plugin \u003c= 2.1 at WordPress.",
  "id": "GHSA-56qr-6hfh-52cg",
  "modified": "2022-06-03T00:00:57Z",
  "published": "2022-05-21T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29447"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/hover-effects/wordpress-hover-effects-plugin-2-1-authenticated-local-file-inclusion-lfi-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/hover-effects/#developers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-57GH-M6RQ-54CF

Vulnerability from github – Published: 2026-04-03 02:53 – Updated: 2026-04-03 02:53
VLAI
Summary
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
Details

Summary

Media Local Roots Self-Whitelisting in appendLocalMediaParentRoots Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration

Current Maintainer Triage

  • Status: narrow
  • Normalized severity: medium
  • Assessment: v2026.3.28 still self-whitelists media parent dirs in src/media/local-roots.ts, but only after config already permits tool-fs root expansion, so the impact is narrower than the default-critical framing.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version: 2026.3.31
  • Vulnerable version range: <=2026.3.28
  • Patched versions: >= 2026.3.31
  • First stable tag containing the fix: v2026.3.31

Fix Commit(s)

  • 1ca4261d7e055d0be141ed79ebb1365d0fbc7364 — 2026-03-30T17:15:03+01:00

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.28"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T02:53:58Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\nMedia Local Roots Self-Whitelisting in `appendLocalMediaParentRoots` Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: v2026.3.28 still self-whitelists media parent dirs in src/media/local-roots.ts, but only after config already permits tool-fs root expansion, so the impact is narrower than the default-critical framing.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `1ca4261d7e055d0be141ed79ebb1365d0fbc7364` \u2014 2026-03-30T17:15:03+01:00\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-57gh-m6rq-54cf",
  "modified": "2026-04-03T02:53:58Z",
  "published": "2026-04-03T02:53:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-57gh-m6rq-54cf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/1ca4261d7e055d0be141ed79ebb1365d0fbc7364"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read \u0026 Credential Exfiltration"
}

GHSA-5824-6JFV-XR3R

Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2022-06-09 22:55
VLAI
Summary
Arbitrary file read in ginadmin
Details

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. A patch is available on the master branch of the repository.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gphper/ginadmin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-30428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-01T21:12:49Z",
    "nvd_published_at": "2022-05-25T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. A [patch](https://github.com/gphper/ginadmin/commit/726109f01ad23523715f36f7d272958064666a30) is available on the `master` branch of the repository.",
  "id": "GHSA-5824-6jfv-xr3r",
  "modified": "2022-06-09T22:55:49Z",
  "published": "2022-05-26T00:01:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30428"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gphper/ginadmin/issues/9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gphper/ginadmin/commit/726109f01ad23523715f36f7d272958064666a30"
    },
    {
      "type": "PACKAGE",
      "url": "github.com/gphper/ginadmin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary file read in ginadmin"
}

GHSA-58F3-CX8P-H8JG

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2024-04-23 22:30
VLAI
Summary
Drupal core access bypass vulnerability
Details

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0"
            },
            {
              "fixed": "7.56"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0"
            },
            {
              "fixed": "8.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/drupal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0"
            },
            {
              "fixed": "8.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/drupal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0"
            },
            {
              "fixed": "7.56"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-6922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T22:30:57Z",
    "nvd_published_at": "2019-01-22T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.",
  "id": "GHSA-58f3-cx8p-h8jg",
  "modified": "2024-04-23T22:30:57Z",
  "published": "2022-05-13T01:36:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6922"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/drupal/core"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3897"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/SA-CORE-2017-003"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99219"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Drupal core access bypass vulnerability"
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.