CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-769Q-5WW3-V8WW
Vulnerability from github – Published: 2023-12-26 21:30 – Updated: 2024-01-05 15:30The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
{
"affected": [],
"aliases": [
"CVE-2023-6114"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-26T19:15:08Z",
"severity": "HIGH"
},
"details": "The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.",
"id": "GHSA-769q-5ww3-v8ww",
"modified": "2024-01-05T15:30:24Z",
"published": "2023-12-26T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6114"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-77X4-9G68-7HXR
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-05-25 00:00An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
{
"affected": [],
"aliases": [
"CVE-2020-3926"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-03T11:15:00Z",
"severity": "HIGH"
},
"details": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.",
"id": "GHSA-77x4-9g68-7hxr",
"modified": "2022-05-25T00:00:20Z",
"published": "2022-05-24T17:07:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3926"
},
{
"type": "WEB",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
},
{
"type": "WEB",
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-789C-4PGV-92RH
Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-26 00:03The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
{
"affected": [],
"aliases": [
"CVE-2022-2392"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-22T15:15:00Z",
"severity": "MODERATE"
},
"details": "The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with \"Contributor\" permissions or higher.",
"id": "GHSA-789c-4pgv-92rh",
"modified": "2022-08-26T00:03:36Z",
"published": "2022-08-23T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2392"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7C72-6V53-XQ93
Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-07 12:00OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.
{
"affected": [],
"aliases": [
"CVE-2022-43449"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-03T20:15:00Z",
"severity": "MODERATE"
},
"details": "OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.",
"id": "GHSA-7c72-6v53-xq93",
"modified": "2022-11-07T12:00:35Z",
"published": "2022-11-04T12:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43449"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7G45-4RM6-3MM3
Vulnerability from github – Published: 2023-06-14 18:30 – Updated: 2025-11-04 16:44Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.google.guava:guava"
},
"ranges": [
{
"events": [
{
"introduced": "1.0"
},
{
"fixed": "32.0.0-android"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-2976"
],
"database_specific": {
"cwe_ids": [
"CWE-379",
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-14T21:01:07Z",
"nvd_published_at": "2023-06-14T18:15:09Z",
"severity": "MODERATE"
},
"details": "Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.",
"id": "GHSA-7g45-4rm6-3mm3",
"modified": "2025-11-04T16:44:26Z",
"published": "2023-06-14T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://github.com/google/guava/issues/2575"
},
{
"type": "WEB",
"url": "https://github.com/google/guava/issues/6532"
},
{
"type": "WEB",
"url": "https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284"
},
{
"type": "PACKAGE",
"url": "https://github.com/google/guava"
},
{
"type": "WEB",
"url": "https://github.com/google/guava/releases/tag/v32.0.0"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230818-0008"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Guava vulnerable to insecure use of temporary directory"
}
GHSA-7GVX-RVMQ-CW57
Vulnerability from github – Published: 2025-05-19 06:30 – Updated: 2025-05-19 06:30A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-4909"
],
"database_specific": {
"cwe_ids": [
"CWE-548",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-19T04:15:42Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-7gvx-rvmq-cw57",
"modified": "2025-05-19T06:30:35Z",
"published": "2025-05-19T06:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4909"
},
{
"type": "WEB",
"url": "https://github.com/dengxun628/cve/issues/3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.309466"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.309466"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.578723"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7QQR-WWJQ-98V6
Vulnerability from github – Published: 2022-09-29 00:00 – Updated: 2022-10-01 00:00When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
{
"affected": [],
"aliases": [
"CVE-2022-3287"
],
"database_specific": {
"cwe_ids": [
"CWE-256",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-28T20:15:00Z",
"severity": "MODERATE"
},
"details": "When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.",
"id": "GHSA-7qqr-wwjq-98v6",
"modified": "2022-10-01T00:00:21Z",
"published": "2022-09-29T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3287"
},
{
"type": "WEB",
"url": "https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7R68-66H2-V7F6
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-06-29 00:00The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
{
"affected": [],
"aliases": [
"CVE-2021-22015"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-23T13:15:00Z",
"severity": "HIGH"
},
"details": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.",
"id": "GHSA-7r68-66h2-v7f6",
"modified": "2022-06-29T00:00:44Z",
"published": "2022-05-24T19:15:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22015"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7VC2-X95V-G6M9
Vulnerability from github – Published: 2026-06-22 15:30 – Updated: 2026-06-22 18:34GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
{
"affected": [],
"aliases": [
"CVE-2025-66389"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T14:16:24Z",
"severity": "HIGH"
},
"details": "GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.",
"id": "GHSA-7vc2-x95v-g6m9",
"modified": "2026-06-22T18:34:11Z",
"published": "2026-06-22T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66389"
},
{
"type": "WEB",
"url": "https://blindcyber.com/2025/10/28/copilot-fun"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/vscode-copilot-chat"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/vscode/blob/03baef1008086ed4960042fa463e570072173bb5/src/vs/workbench/contrib/chat/electron-browser/tools/fetchPageTool.ts#L152"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7XFV-PF6F-P6V2
Vulnerability from github – Published: 2023-08-04 00:30 – Updated: 2025-05-19 21:30Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
{
"affected": [],
"aliases": [
"CVE-2023-38952"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-03T23:15:11Z",
"severity": "HIGH"
},
"details": "Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.",
"id": "GHSA-7xfv-pf6f-p6v2",
"modified": "2025-05-19T21:30:27Z",
"published": "2023-08-04T00:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38952"
},
{
"type": "WEB",
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38952"
},
{
"type": "WEB",
"url": "https://github.com/omair2084/biotime-rce-8.5.5/blob/main/biotime_enum.py"
},
{
"type": "WEB",
"url": "https://krashconsulting.com/fury-of-fingers-biotime-rce"
},
{
"type": "WEB",
"url": "https://sploitus.com/exploit?id=PACKETSTORM:177859"
},
{
"type": "WEB",
"url": "http://zkteco.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.