CWE-459
AllowedIncomplete Cleanup
Abstraction: Base · Status: Draft
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
223 vulnerabilities reference this CWE, most recent first.
GHSA-4PGG-95H7-RQC6
Vulnerability from github – Published: 2023-02-13 12:30 – Updated: 2023-02-23 06:30Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
{
"affected": [],
"aliases": [
"CVE-2022-45455"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T10:15:00Z",
"severity": "HIGH"
},
"details": "Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.",
"id": "GHSA-4pgg-95h7-rqc6",
"modified": "2023-02-23T06:30:17Z",
"published": "2023-02-13T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45455"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-4459"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4RMQ-MC2C-R495
Vulnerability from github – Published: 2025-12-09 14:25 – Updated: 2025-12-09 14:25Summary
A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis (Phatom Stake) even after they have fully unbonded their BTC delegation, if their Finality Provider (FP) drops out of the active set in the exact same babylon block height. This creates a “phantom stake”: the delegator’s BTC capital is withdrawn, the FP is inactive, but costaking continues to treat the delegation as active BTC stake allowing ongoing rewards accrual without backing BTC.
Impact
An address can keep earning costaking rewards with zero BTC staked.
Reported by @BottyBott.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon/v4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.0-snapshot.250805a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-09T14:25:03Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nA state consistency bug in `x/costaking` can leave a BTC delegator with non-zero `ActiveSatoshis` (Phatom Stake) even after they have fully unbonded their BTC delegation, if their Finality Provider (FP) drops out of the active set in the exact same babylon block height. This creates a \u201cphantom stake\u201d: the delegator\u2019s BTC capital is withdrawn, the FP is inactive, but costaking continues to treat the delegation as active BTC stake allowing ongoing rewards accrual without backing BTC.\n\n### Impact\n\nAn address can keep earning costaking rewards with zero BTC staked.\n\nReported by @BottyBott.",
"id": "GHSA-4rmq-mc2c-r495",
"modified": "2025-12-09T14:25:03Z",
"published": "2025-12-09T14:25:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-4rmq-mc2c-r495"
},
{
"type": "WEB",
"url": "https://github.com/babylonlabs-io/babylon/commit/e65c3a55a398a403103f1b089cf76f0d4befc7a0"
},
{
"type": "PACKAGE",
"url": "https://github.com/babylonlabs-io/babylon"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Babylon Incorrect FP inactive accounting in costaking creates \u201cphantom stake\u201d that earns rewards after BTC unbond"
}
GHSA-4VFX-XRP7-4C4H
Vulnerability from github – Published: 2025-01-16 15:32 – Updated: 2025-05-07 18:30Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.
{
"affected": [],
"aliases": [
"CVE-2025-0473"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-16T13:15:07Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the \u2018/pmb/authorities/import/iimport_authorities\u2019 endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to \u2018/pmb/authorities/import/iimport_authorities\u2019. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.",
"id": "GHSA-4vfx-xrp7-4c4h",
"modified": "2025-05-07T18:30:41Z",
"published": "2025-01-16T15:32:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0473"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4X44-GF2F-7MH8
Vulnerability from github – Published: 2026-02-25 15:31 – Updated: 2026-02-25 15:31In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
{
"affected": [],
"aliases": [
"CVE-2026-28196"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-25T14:16:21Z",
"severity": "LOW"
},
"details": "In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk",
"id": "GHSA-4x44-gf2f-7mh8",
"modified": "2026-02-25T15:31:40Z",
"published": "2026-02-25T15:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28196"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-55C6-R3WH-X7CJ
Vulnerability from github – Published: 2022-04-30 18:13 – Updated: 2024-02-08 21:30ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2000-0552"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2000-06-06T04:00:00Z",
"severity": "LOW"
},
"details": "ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.",
"id": "GHSA-55c6-r3wh-x7cj",
"modified": "2024-02-08T21:30:28Z",
"published": "2022-04-30T18:13:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2000-0552"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4607"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/1307"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-59FP-J85Q-63J4
Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
If the dpu_format_populate_layout() fails, then FB is prepared, but not cleaned up. This ends up leaking the pin_count on the GEM object and causes a splat during DRM file closure:
msm_obj->pin_count WARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc [...] Call trace: update_lru_locked+0xc4/0xcc put_pages+0xac/0x100 msm_gem_free_object+0x138/0x180 drm_gem_object_free+0x1c/0x30 drm_gem_object_handle_put_unlocked+0x108/0x10c drm_gem_object_release_handle+0x58/0x70 idr_for_each+0x68/0xec drm_gem_release+0x28/0x40 drm_file_free+0x174/0x234 drm_release+0xb0/0x160 __fput+0xc0/0x2c8 __fput_sync+0x50/0x5c __arm64_sys_close+0x38/0x7c invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x4c/0x120 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194 irq event stamp: 129818 hardirqs last enabled at (129817): [] console_unlock+0x118/0x124 hardirqs last disabled at (129818): [] el1_dbg+0x24/0x8c softirqs last enabled at (129808): [] handle_softirqs+0x4c8/0x4e8 softirqs last disabled at (129785): [] __do_softirq+0x14/0x20
Patchwork: https://patchwork.freedesktop.org/patch/600714/
{
"affected": [],
"aliases": [
"CVE-2024-44982"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-04T20:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj-\u003epin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last enabled at (129817): [\u003cffffa5f6d953fcc0\u003e] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [\u003cffffa5f6da7dcf04\u003e] el1_dbg+0x24/0x8c\nsoftirqs last enabled at (129808): [\u003cffffa5f6d94afc18\u003e] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [\u003cffffa5f6d94105e4\u003e] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/",
"id": "GHSA-59fp-j85q-63j4",
"modified": "2025-11-04T00:31:22Z",
"published": "2024-09-04T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44982"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-59XC-99WG-3HGF
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.
{
"affected": [],
"aliases": [
"CVE-2019-25016"
],
"database_specific": {
"cwe_ids": [
"CWE-459",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-28T20:15:00Z",
"severity": "HIGH"
},
"details": "There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.",
"id": "GHSA-59xc-99wg-3hgf",
"modified": "2022-05-24T17:40:29Z",
"published": "2022-05-24T17:40:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25016"
},
{
"type": "WEB",
"url": "https://github.com/Duncaen/OpenDoas/issues/45"
},
{
"type": "WEB",
"url": "https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168"
},
{
"type": "WEB",
"url": "https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d"
},
{
"type": "WEB",
"url": "https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R2R-XPFW-PMXC
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-03-27 21:31In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that which leads to skb leak.
As by design the rx_data_reassembly skb is bound to the NCI device and nothing prevents the device to be freed before the skb is processed in some way and cleaned, free it on the NCI device cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
{
"affected": [],
"aliases": [
"CVE-2024-26825"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T10:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup\n\nrx_data_reassembly skb is stored during NCI data exchange for processing\nfragmented packets. It is dropped only when the last fragment is processed\nor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.\nHowever, the NCI device may be deallocated before that which leads to skb\nleak.\n\nAs by design the rx_data_reassembly skb is bound to the NCI device and\nnothing prevents the device to be freed before the skb is processed in\nsome way and cleaned, free it on the NCI device cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"id": "GHSA-5r2r-xpfw-pmxc",
"modified": "2025-03-27T21:31:09Z",
"published": "2024-04-17T12:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26825"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R67-W9X9-QVV7
Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.
{
"affected": [],
"aliases": [
"CVE-2025-55910"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-19T16:15:45Z",
"severity": "MODERATE"
},
"details": "CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.",
"id": "GHSA-5r67-w9x9-qvv7",
"modified": "2025-09-22T21:30:18Z",
"published": "2025-09-22T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55910"
},
{
"type": "WEB",
"url": "https://github.com/Y4y17/CVE/blob/main/CMSEasy/Arbitrary%20file%20deletion%20vulnerability.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5X5Q-FCW5-7FRV
Vulnerability from github – Published: 2022-01-26 00:01 – Updated: 2022-03-26 00:01Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.
{
"affected": [],
"aliases": [
"CVE-2022-23035"
],
"database_specific": {
"cwe_ids": [
"CWE-459"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T14:15:00Z",
"severity": "MODERATE"
},
"details": "Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest\u0027s use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.",
"id": "GHSA-5x5q-fcw5-7frv",
"modified": "2022-03-26T00:01:03Z",
"published": "2022-01-26T00:01:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23035"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMR6UBGJW6JKND7IILGQ2CU35EQPF3E3"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-23"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5117"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-395.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/25/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
No CAPEC attack patterns related to this CWE.