Common Weakness Enumeration

CWE-548

Allowed

Exposure of Information Through Directory Listing

Abstraction: Variant · Status: Draft

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

101 vulnerabilities reference this CWE, most recent first.

GHSA-MFGV-2FP9-XH3V

Vulnerability from github – Published: 2023-05-30 21:30 – Updated: 2024-04-04 04:23
VLAI
Details

Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-30T20:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.",
  "id": "GHSA-mfgv-2fp9-xh3v",
  "modified": "2024-04-04T04:23:36Z",
  "published": "2023-05-30T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36243"
    },
    {
      "type": "WEB",
      "url": "https://www.shopbeat.co.za"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MXW3-3HH2-X2MH

Vulnerability from github – Published: 2026-02-17 16:14 – Updated: 2026-02-24 16:06
VLAI
Summary
Rack has a Directory Traversal via Rack:Directory
Details

Summary

Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../root_example/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.

Details

In directory.rb, File.expand_path(File.join(root, path_info)).start_with?(root) does not enforce a path boundary. If the server root is /var/www/root, a path like /var/www/root_backup passes the check because it shares the same prefix, so Rack::Directory will list that directory also.

Impact

Information disclosure via directory listing outside the configured root when Rack::Directory is exposed to untrusted clients and a directory shares the root prefix (e.g., public2, www_backup).

Mitigation

  • Update to a patched version of Rack that correctly checks the root prefix.
  • Don't name directories with the same prefix as one which is exposed via Rack::Directory.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0.beta1"
            },
            {
              "fixed": "3.1.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-548"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-17T16:14:11Z",
    "nvd_published_at": "2026-02-18T19:21:43Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\n`Rack::Directory`\u2019s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.\n\n## Details\n\nIn `directory.rb`, `File.expand_path(File.join(root, path_info)).start_with?(root)` does not enforce a path boundary. If the server root is `/var/www/root`, a path like `/var/www/root_backup` passes the check because it shares the same prefix, so `Rack::Directory` will list that directory also. \n\n## Impact\n\nInformation disclosure via directory listing outside the configured root when `Rack::Directory` is exposed to untrusted clients and a directory shares the root prefix (e.g., `public2`, `www_backup`).\n\n## Mitigation\n\n* Update to a patched version of Rack that correctly checks the root prefix.\n* Don\u0027t name directories with the same prefix as one which is exposed via `Rack::Directory`.",
  "id": "GHSA-mxw3-3hh2-x2mh",
  "modified": "2026-02-24T16:06:28Z",
  "published": "2026-02-17T16:14:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22860"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rack/rack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rack has a Directory Traversal via Rack:Directory"
}

GHSA-P4CX-WFPQ-6FFP

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter.",
  "id": "GHSA-p4cx-wfpq-6ffp",
  "modified": "2022-05-24T19:07:03Z",
  "published": "2022-05-24T19:07:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32510"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-4866-b820b-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P78J-WW2M-9483

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information.",
  "id": "GHSA-p78j-ww2m-9483",
  "modified": "2022-05-24T19:07:02Z",
  "published": "2022-05-24T19:07:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32515"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-4871-2a2d7-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PPXP-2Q6F-M9HH

Vulnerability from github – Published: 2025-04-10 03:31 – Updated: 2025-04-10 03:31
VLAI
Details

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-10T03:15:18Z",
    "severity": "LOW"
  },
  "details": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.",
  "id": "GHSA-ppxp-2q6f-m9hh",
  "modified": "2025-04-10T03:31:32Z",
  "published": "2025-04-10T03:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23378"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V588-QCP3-JV46

Vulnerability from github – Published: 2019-03-25 18:03 – Updated: 2025-07-15 19:34
VLAI
Summary
Path Traversal in serve
Details

Versions of serve prior to 7.0.1 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through if the path contains a /./, which allows attackers to access hidden folders and files.

Recommendation

Upgrade to version 7.0.1 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "serve"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-5415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:56:44Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Versions of `serve` prior to 7.0.1 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through if the path contains a `/./`, which allows attackers to access hidden folders and files.\n\n\n## Recommendation\n\nUpgrade to version 7.0.1 or later.",
  "id": "GHSA-v588-qcp3-jv46",
  "modified": "2025-07-15T19:34:30Z",
  "published": "2019-03-25T18:03:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5415"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/330724"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-v588-qcp3-jv46"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Path Traversal in serve"
}

GHSA-V78C-9CRG-6V9M

Vulnerability from github – Published: 2025-11-15 18:30 – Updated: 2025-11-15 18:30
VLAI
Details

A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-15T16:15:43Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.",
  "id": "GHSA-v78c-9crg-6v9m",
  "modified": "2025-11-15T18:30:26Z",
  "published": "2025-11-15T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13200"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Shaker-Chen/cve/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.332498"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.332498"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.685615"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VWPM-799J-8HXQ

Vulnerability from github – Published: 2025-01-25 15:30 – Updated: 2025-01-25 15:30
VLAI
Details

IBM Control Center 6.2.1 and 6.3.1

could allow an authenticated user to obtain sensitive information exposed through a directory listing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-25T14:15:29Z",
    "severity": "MODERATE"
  },
  "details": "IBM Control Center 6.2.1 and 6.3.1 \n\n\n\ncould allow an authenticated user to obtain sensitive information exposed through a directory listing.",
  "id": "GHSA-vwpm-799j-8hxq",
  "modified": "2025-01-25T15:30:31Z",
  "published": "2025-01-25T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35113"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7174796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W64C-QGH2-QJ9C

Vulnerability from github – Published: 2025-05-05 18:32 – Updated: 2025-05-07 15:31
VLAI
Details

A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-05T16:15:51Z",
    "severity": "HIGH"
  },
  "details": "A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.",
  "id": "GHSA-w64c-qgh2-qj9c",
  "modified": "2025-05-07T15:31:28Z",
  "published": "2025-05-05T18:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45320"
    },
    {
      "type": "WEB",
      "url": "https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Online%20Service%20Management%20Portal/Directory%20Listing_Requester.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WVRC-7835-9GRJ

Vulnerability from github – Published: 2024-04-09 21:31 – Updated: 2024-04-09 21:31
VLAI
Details

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T19:15:32Z",
    "severity": "MODERATE"
  },
  "details": "The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the \u0027/wp-content/uploads/fusion-forms/\u0027 directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.",
  "id": "GHSA-wvrc-7835-9grj",
  "modified": "2024-04-09T21:31:59Z",
  "published": "2024-04-09T21:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2340"
    },
    {
      "type": "WEB",
      "url": "https://avada.com/documentation/avada-changelog"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design System Configuration

Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.

No CAPEC attack patterns related to this CWE.