Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

GHSA-7XRV-JV66-7Q59

Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2026-07-05 03:30
VLAI
Details

IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-06T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has \"rwx\" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -\u003e high integrity ADMIN).",
  "id": "GHSA-7xrv-jv66-7q59",
  "modified": "2026-07-05T03:30:49Z",
  "published": "2022-07-07T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24138"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tomerpeled92/CVE"
    },
    {
      "type": "WEB",
      "url": "http://advanced.com"
    },
    {
      "type": "WEB",
      "url": "http://iobit.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-824W-X939-6CMC

Vulnerability from github – Published: 2026-07-15 21:59 – Updated: 2026-07-15 21:59
VLAI
Summary
TensorZero Gateway: Arbitrary file read and SSRF in internal object storage endpoint
Details

Impact

The /internal/object_storage endpoint accepts a caller-supplied JSON storage_path parameter that dynamically overrides the TensorZero [object_storage] configuration.

By abusing the filesystem storage type, a caller can read arbitrary files from the gateway filesystem, including files that may contain sensitive credentials. Similarly, by abusing the s3_compatible storage type, the caller can coerce the gateway into making outbound object storage requests to attacker-chosen internal/cloud-metadata endpoints.

This vulnerability only applies when the gateway can be accessed by untrusted callers. If a developer's TensorZero deployment has authentication enabled, only authenticated callers can exploit this vulnerability. If a developer's deployment has authentication disabled, any caller can exploit this vulnerability.

Remediation

The vulnerability has been patched in version 2026.6.0. See PR #7527.

Workarounds

If developers are unable to upgrade a gateway that is exposed to untrusted callers, please block external access to the /internal/object_storage endpoint.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorzero"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-15T21:59:40Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe `/internal/object_storage` endpoint accepts a caller-supplied JSON `storage_path` parameter that dynamically overrides the TensorZero `[object_storage]` configuration.\n\nBy abusing the `filesystem` storage type, a caller can read arbitrary files from the gateway filesystem, including files that may contain sensitive credentials. Similarly, by abusing the `s3_compatible` storage type, the caller can coerce the gateway into making outbound object storage requests to attacker-chosen internal/cloud-metadata endpoints.\n\nThis vulnerability only applies when the gateway can be accessed by untrusted callers. If a developer\u0027s TensorZero deployment has authentication enabled, only authenticated callers can exploit this vulnerability. If a developer\u0027s deployment has authentication disabled, any caller can exploit this vulnerability.\n\n### Remediation\n\nThe vulnerability has been patched in version `2026.6.0`. See PR #7527.\n\n### Workarounds\n\nIf developers are unable to upgrade a gateway that is exposed to untrusted callers, please block external access to the `/internal/object_storage` endpoint.",
  "id": "GHSA-824w-x939-6cmc",
  "modified": "2026-07-15T21:59:40Z",
  "published": "2026-07-15T21:59:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorzero/tensorzero/security/advisories/GHSA-824w-x939-6cmc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorzero/tensorzero/commit/0abbc838bae3394fe7491dad7009670d4e3b6cf8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorzero/tensorzero"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorzero/tensorzero/releases/tag/2026.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TensorZero Gateway: Arbitrary file read and SSRF in internal object storage endpoint"
}

GHSA-82H9-WXQP-J6PQ

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2024-04-04 02:48
VLAI
Details

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-4715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-17T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.",
  "id": "GHSA-82h9-wxqp-j6pq",
  "modified": "2024-04-04T02:48:06Z",
  "published": "2022-05-24T17:09:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4715"
    },
    {
      "type": "WEB",
      "url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a"
    },
    {
      "type": "WEB",
      "url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file"
    },
    {
      "type": "WEB",
      "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-867M-9P4W-343P

Vulnerability from github – Published: 2022-07-23 00:00 – Updated: 2022-07-29 00:00
VLAI
Details

Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-22T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin \u003c= 4.13.1 at WordPress.",
  "id": "GHSA-867m-9p4w-343p",
  "modified": "2022-07-29T00:00:19Z",
  "published": "2022-07-23T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33901"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/multisafepay/wordpress-multisafepay-plugin-for-woocommerce-plugin-4-13-1-unauthenticated-arbitrary-file-read-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/multisafepay/#developers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-867Q-77CC-98MV

Vulnerability from github – Published: 2021-04-29 21:51 – Updated: 2021-05-10 19:29
VLAI
Summary
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Details

Impact

Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This vulnerability does not impact Windows or modern versions of MacOS.

OpenAPI Generator Maven plug-in creates insecure temporary files during the code generation process. It creates insecure temporary files to store the OpenAPI specification files provided by the users and these temporary files can be read by any users in the system.

The impact of this vulnerability is information disclosure of the contents of the specification file to other local users.

Patches

The issue has been patched with Files.createTempFile and released in the v5.1.0 stable version.

For more information

If you have any questions or comments about this advisory: * Open an issue in OpenAPI Generator Github repo * Email us at security@openapitools.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.openapitools:openapi-generator-maven-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377",
      "CWE-378",
      "CWE-379",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-27T19:58:51Z",
    "nvd_published_at": "2021-04-27T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nUsing `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This vulnerability does not impact Windows or modern versions of MacOS.\n\nOpenAPI Generator Maven plug-in creates insecure temporary files during the code generation process. It creates insecure temporary files to store the OpenAPI specification files provided by the users and these temporary files can be read by any users in the system.\n\nThe impact of this vulnerability is information disclosure of the contents of the specification file to other local users.\n\n### Patches\nThe issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [OpenAPI Generator Github repo](https://github.com/openAPITools/openapi-generator/)\n* Email us at [security@openapitools.org](mailto:security@openapitools.org)",
  "id": "GHSA-867q-77cc-98mv",
  "modified": "2021-05-10T19:29:52Z",
  "published": "2021-04-29T21:51:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21429"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/pull/8795"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/blob/06ad7a51eff04393203cfa715e54e1fb59d984fe/modules/openapi-generator-maven-plugin/src/main/java/org/openapitools/codegen/plugin/CodeGenMojo.java#L782-L799"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin"
}

GHSA-86R4-42M6-45M9

Vulnerability from github – Published: 2024-06-01 06:30 – Updated: 2026-04-08 21:32
VLAI
Details

The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3564"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-98"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-01T04:15:08Z",
    "severity": "HIGH"
  },
  "details": "The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin\u0027s \u0027content_block\u0027 shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.",
  "id": "GHSA-86r4-42m6-45m9",
  "modified": "2026-04-08T21:32:41Z",
  "published": "2024-06-01T06:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3564"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3078739%40custom-post-widget\u0026new=3078739%40custom-post-widget\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5a0b8fe-d284-4780-84b5-2e97fa96c99a?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-885X-F949-H663

Vulnerability from github – Published: 2024-08-02 12:31 – Updated: 2025-11-04 00:31
VLAI
Details

A vulnerability has been identified in Omnivise T3000 Application Server (All versions >= R9.2), Omnivise T3000 Domain Controller (All versions >= R9.2), Omnivise T3000 Product Data Management (PDM) (All versions >= R9.2), Omnivise T3000 Terminal Server (All versions >= R9.2), Omnivise T3000 Thin Client (All versions >= R9.2), Omnivise T3000 Whitelisting Server (All versions >= R9.2). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-02T11:16:41Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions \u003e= R9.2), Omnivise T3000 Domain Controller (All versions \u003e= R9.2), Omnivise T3000 Product Data Management (PDM) (All versions \u003e= R9.2), Omnivise\u00a0T3000 Terminal Server (All versions \u003e= R9.2), Omnivise T3000 Thin Client (All versions \u003e= R9.2), Omnivise T3000 Whitelisting Server (All versions \u003e= R9.2). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.",
  "id": "GHSA-885x-f949-h663",
  "modified": "2025-11-04T00:31:10Z",
  "published": "2024-08-02T12:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38876"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-88FQ-WP8P-XCG5

Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2024-02-13 18:38
VLAI
Details

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-13T18:15:58Z",
    "severity": "CRITICAL"
  },
  "details": "Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability",
  "id": "GHSA-88fq-wp8p-xcg5",
  "modified": "2024-02-13T18:38:24Z",
  "published": "2024-02-13T18:38:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21403"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21403"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88XC-3623-X7QH

Vulnerability from github – Published: 2023-10-16 21:30 – Updated: 2024-02-16 21:31
VLAI
Details

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-538",
      "CWE-552",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-16T20:15:17Z",
    "severity": "MODERATE"
  },
  "details": "The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.",
  "id": "GHSA-88xc-3623-x7qh",
  "modified": "2024-02-16T21:31:31Z",
  "published": "2023-10-16T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4933"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-895G-F6M8-V3J8

Vulnerability from github – Published: 2025-11-21 09:30 – Updated: 2025-11-21 09:30
VLAI
Details

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated attackers to extract sensitive data from exports stored in /exportwp and import data stored in /importwp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-21T08:15:54Z",
    "severity": "MODERATE"
  },
  "details": "The Import WP \u2013 Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated attackers to extract sensitive data from exports stored in /exportwp and import data stored in /importwp.",
  "id": "GHSA-895g-f6m8-v3j8",
  "modified": "2025-11-21T09:30:27Z",
  "published": "2025-11-21T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12894"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3394624%40jc-importer\u0026new=3394624%40jc-importer\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28ca9590-dc0b-40c9-9de6-1480094ea8be?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.