Common Weakness Enumeration

CWE-538

Allowed

Insertion of Sensitive Information into Externally-Accessible File or Directory

Abstraction: Base · Status: Draft

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

155 vulnerabilities reference this CWE, most recent first.

GHSA-FJQ3-H34R-Q4FP

Vulnerability from github – Published: 2026-05-05 12:31 – Updated: 2026-05-05 12:31
VLAI
Details

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-54346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-05T12:16:17Z",
    "severity": "HIGH"
  },
  "details": "WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.",
  "id": "GHSA-fjq3-h34r-q4fp",
  "modified": "2026-05-05T12:31:38Z",
  "published": "2026-05-05T12:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54346"
    },
    {
      "type": "WEB",
      "url": "https://backupbliss.com"
    },
    {
      "type": "WEB",
      "url": "https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/51445"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/wordpress-plugin-backup-migration-unauthenticated-database-backup-download"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FQXH-XW44-6M6R

Vulnerability from github – Published: 2024-07-10 03:30 – Updated: 2024-07-10 03:30
VLAI
Details

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-10T02:15:02Z",
    "severity": "HIGH"
  },
  "details": "The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.",
  "id": "GHSA-fqxh-xw44-6m6r",
  "modified": "2024-07-10T03:30:35Z",
  "published": "2024-07-10T03:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7062"
    },
    {
      "type": "WEB",
      "url": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FV26-QM6R-MMQ5

Vulnerability from github – Published: 2025-01-08 21:32 – Updated: 2025-01-08 21:32
VLAI
Details

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-08T20:15:29Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.",
  "id": "GHSA-fv26-qm6r-mmq5",
  "modified": "2025-01-08T21:32:26Z",
  "published": "2025-01-08T21:32:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0194"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/489459"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G2PQ-9JR7-W6GV

Vulnerability from github – Published: 2025-09-03 15:30 – Updated: 2025-11-05 20:42
VLAI
Summary
Jenkins Git client Plugin file system information disclosure vulnerability
Details

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:git-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-58458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-03T22:22:25Z",
    "nvd_published_at": "2025-09-03T15:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.",
  "id": "GHSA-g2pq-9jr7-w6gv",
  "modified": "2025-11-05T20:42:59Z",
  "published": "2025-09-03T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58458"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/git-client-plugin/commit/20090a86c3ebc72e5283c882de73e3a4459137bb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/git-client-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/03/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Git client Plugin file system information disclosure vulnerability"
}

GHSA-GP6G-V2W2-6G56

Vulnerability from github – Published: 2023-09-05 15:30 – Updated: 2024-04-04 07:29
VLAI
Details

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T15:15:42Z",
    "severity": "MODERATE"
  },
  "details": "\nDue to an out-of-date dependency in the \u201cFusion File Manager\u201d component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application\u2019s mime-type and file extension validation.\u00a0\n\n",
  "id": "GHSA-gp6g-v2w2-6g56",
  "modified": "2024-04-04T07:29:00Z",
  "published": "2023-09-05T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4480"
    },
    {
      "type": "WEB",
      "url": "https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR5R-WC3P-J783

Vulnerability from github – Published: 2025-08-20 12:31 – Updated: 2025-08-20 12:31
VLAI
Details

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-57734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T10:15:31Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files",
  "id": "GHSA-gr5r-wc3p-j783",
  "modified": "2025-08-20T12:31:15Z",
  "published": "2025-08-20T12:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57734"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GWVM-VRP4-4PP5

Vulnerability from github – Published: 2023-03-24 22:04 – Updated: 2023-03-24 22:04
VLAI
Summary
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Details

Impact

angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file).

With version 15 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html.

This has NO IMPACT, in a plain Angular project that has no backend component.

Patches

Vulnerability has been mitigated in 15.1.0, by adding an option searchPattern which restricts the detection file range by default.

# Update via npm
npm update angular-server-side-configuration
## Or more specific
npm install angular-server-side-configuration@15.1.0

# Update via pnpm
pnpm update angular-server-side-configuration
## Or more specific
pnpm add angular-server-side-configuration@15.1.0

# Update via yarn
yarn update angular-server-side-configuration
## Or more specific
yarn add angular-server-side-configuration@15.1.0

Workarounds

Manually edit or create ngssc.json or run a script after ngssc.json generation

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "angular-server-side-configuration"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0"
            },
            {
              "fixed": "15.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-538"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-24T22:04:35Z",
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nangular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory.\nDuring deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file).\n\nWith version 15 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html.\n\nThis has NO IMPACT, in a plain Angular project that has no backend component.\n\n### Patches\nVulnerability has been mitigated in 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default.\n\n```bash\n# Update via npm\nnpm update angular-server-side-configuration\n## Or more specific\nnpm install angular-server-side-configuration@15.1.0\n\n# Update via pnpm\npnpm update angular-server-side-configuration\n## Or more specific\npnpm add angular-server-side-configuration@15.1.0\n\n# Update via yarn\nyarn update angular-server-side-configuration\n## Or more specific\nyarn add angular-server-side-configuration@15.1.0\n```\n\n### Workarounds\nManually edit or create ngssc.json or run a script after ngssc.json generation\n\n### References\n\n ",
  "id": "GHSA-gwvm-vrp4-4pp5",
  "modified": "2023-03-24T22:04:35Z",
  "published": "2023-03-24T22:04:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28444"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kyubisation/angular-server-side-configuration"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend"
}

GHSA-H26C-C6VW-JJJM

Vulnerability from github – Published: 2025-03-18 18:30 – Updated: 2025-03-19 21:30
VLAI
Details

yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25586"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-18T16:15:27Z",
    "severity": "MODERATE"
  },
  "details": "yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.",
  "id": "GHSA-h26c-c6vw-jjjm",
  "modified": "2025-03-19T21:30:52Z",
  "published": "2025-03-18T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25586"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/r1bbit/yimioa/issues/IBI7LR"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H68H-QCXP-QV6V

Vulnerability from github – Published: 2026-03-12 18:30 – Updated: 2026-03-12 18:30
VLAI
Details

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-12T17:16:35Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability allowing local privilege escalation on Windows-based Veeam Backup \u0026 Replication servers.",
  "id": "GHSA-h68h-qcxp-qv6v",
  "modified": "2026-03-12T18:30:31Z",
  "published": "2026-03-12T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21672"
    },
    {
      "type": "WEB",
      "url": "https://www.veeam.com/kb4830"
    },
    {
      "type": "WEB",
      "url": "https://www.veeam.com/kb4831"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWFG-733H-8PC5

Vulnerability from github – Published: 2024-05-15 18:30 – Updated: 2024-11-18 16:26
VLAI
Details

On Windows systems, the Arc configuration files resulted to be world-readable.

This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-15T16:15:09Z",
    "severity": "MODERATE"
  },
  "details": "On Windows systems, the Arc configuration files resulted to be world-readable.\n\n\n\nThis can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.",
  "id": "GHSA-jwfg-733h-8pc5",
  "modified": "2024-11-18T16:26:42Z",
  "published": "2024-05-15T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5937"
    },
    {
      "type": "WEB",
      "url": "https://security.nozominetworks.com/NN-2023:15-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design Operation System Configuration

Do not expose file and directory information to the user.

CAPEC-95: WSDL Scanning

This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.