Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

669 vulnerabilities reference this CWE, most recent first.

GHSA-WC9M-R3V6-9P5H

Vulnerability from github – Published: 2025-02-04 21:32 – Updated: 2025-02-04 23:18
VLAI
Summary
Sparkle Signing Checks Bypass
Details

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.6.3"
      },
      "package": {
        "ecosystem": "SwiftURL",
        "name": "github.com/sparkle-project/Sparkle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-0509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-04T23:18:58Z",
    "nvd_published_at": "2025-02-04T20:15:49Z",
    "severity": "HIGH"
  },
  "details": "A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle\u2019s (Ed)DSA signing checks.",
  "id": "GHSA-wc9m-r3v6-9p5h",
  "modified": "2025-02-04T23:18:58Z",
  "published": "2025-02-04T21:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0509"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sparkle-project/Sparkle/pull/2550"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sparkle-project/Sparkle"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250124-0008"
    },
    {
      "type": "WEB",
      "url": "https://sparkle-project.org/documentation/security-and-reliability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sparkle Signing Checks Bypass"
}

GHSA-WCGH-5M9C-WVW3

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:09
VLAI
Details

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:41Z",
    "severity": "MODERATE"
  },
  "details": "An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.\n",
  "id": "GHSA-wcgh-5m9c-wvw3",
  "modified": "2024-04-04T07:09:22Z",
  "published": "2023-08-22T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4475"
    },
    {
      "type": "WEB",
      "url": "https://www.asustor.com/security/security_advisory_detail?id=30"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WG6F-8QGJ-CPW7

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46
VLAI
Details

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-23T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the \"Data Sync\" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.",
  "id": "GHSA-wg6f-8qgj-cpw7",
  "modified": "2022-05-13T01:46:51Z",
  "published": "2022-05-13T01:46:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7079"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208140"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100983"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHQ3-3CVV-FRC4

Vulnerability from github – Published: 2023-05-15 15:30 – Updated: 2024-04-04 04:06
VLAI
Details

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-15T13:15:10Z",
    "severity": "HIGH"
  },
  "details": "The KIWIZ Invoices Certification \u0026 PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)",
  "id": "GHSA-whq3-3cvv-frc4",
  "modified": "2024-04-04T04:06:44Z",
  "published": "2023-05-15T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2180"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/4d3b90d8-8a6d-4b72-8bc7-21f861259a1b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJ44-9VCG-WJQ7

Vulnerability from github – Published: 2025-06-24 19:00 – Updated: 2025-06-24 19:00
VLAI
Summary
Gogs allows deletion of internal files which leads to remote command execution
Details

Summary

Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution.

Details

In the patch for CVE-2024-39931, the following check is added: https://github.com/gogs/gogs/commit/77a4a945ae9a87f77e392e9066b560edb71b5de9

+   // 🚨 SECURITY: Prevent uploading files into the ".git" directory
+   if isRepositoryGitPath(opts.TreePath) {
+       return errors.Errorf("bad tree path %q", opts.TreePath)
+   }

While the above code snippet checks if the specified path is a .git directory, there are no checks for symbolic links in the later steps. So, by creating a symbolic link that points to the .git directory, an attacker can still delete arbitrary files in the .git directory and achieve remote command execution.

Impact

Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. It allows attackers to access and alter any users' code hosted on the same instance.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.13.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "gogs.io/gogs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.13.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-56731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-24T19:00:20Z",
    "nvd_published_at": "2025-06-24T04:15:45Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nDue to the insufficient patch for the CVE-2024-39931, it\u0027s still possible to delete files under the `.git` directory and achieve remote command execution.\n\n### Details\nIn the patch for CVE-2024-39931, the following check is added:\nhttps://github.com/gogs/gogs/commit/77a4a945ae9a87f77e392e9066b560edb71b5de9\n\n```diff\n+\t// \ud83d\udea8 SECURITY: Prevent uploading files into the \".git\" directory\n+\tif isRepositoryGitPath(opts.TreePath) {\n+\t\treturn errors.Errorf(\"bad tree path %q\", opts.TreePath)\n+\t}\n```\n\n\nWhile the above code snippet checks if the specified path is a `.git` directory, there are no checks for symbolic links in the later steps. So, by creating a symbolic link that points to the `.git` directory, an attacker can still delete arbitrary files in the `.git` directory and achieve remote command execution.\n\n### Impact\nUnprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by `RUN_USER` in the configuration. It allows attackers to access and alter any users\u0027 code hosted on the same instance.",
  "id": "GHSA-wj44-9vcg-wjq7",
  "modified": "2025-06-24T19:00:21Z",
  "published": "2025-06-24T19:00:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56731"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gogs/gogs/commit/77a4a945ae9a87f77e392e9066b560edb71b5de9"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-ccqv-43vm-4f3w"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gogs/gogs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gogs/gogs/releases/tag/v0.13.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Gogs allows deletion of internal files which leads to remote command execution"
}

GHSA-WJF7-6CX7-X9V8

Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-11-12 21:31
VLAI
Details

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T16:15:28Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability exists in Sitecore\u00a0Experience Manager (XM),\u00a0Experience Platform (XP),\u00a0Experience Commerce (XC), and\u00a0Managed Cloud that could allow an unauthenticated attacker to read arbitrary files.\u00a0This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.",
  "id": "GHSA-wjf7-6cx7-x9v8",
  "modified": "2025-11-12T21:31:04Z",
  "published": "2025-07-25T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34139"
    },
    {
      "type": "WEB",
      "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003650"
    },
    {
      "type": "WEB",
      "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003661"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-arbitrary-file-read"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WM59-M58R-X983

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-13 18:30
VLAI
Details

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied path_or_url parameter. This allows unauthenticated remote attackers to send crafted requests that trigger the deletion of arbitrary documents from ElasticSearch indices and corresponding files from the MinIO storage system. Successful exploitation leads to data destruction and denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T16:16:13Z",
    "severity": "CRITICAL"
  },
  "details": "The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied path_or_url parameter. This allows unauthenticated remote attackers to send crafted requests that trigger the deletion of arbitrary documents from ElasticSearch indices and corresponding files from the MinIO storage system. Successful exploitation leads to data destruction and denial of service.",
  "id": "GHSA-wm59-m58r-x983",
  "modified": "2026-05-13T18:30:40Z",
  "published": "2026-05-12T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ModelEngine-Group/nexent"
    },
    {
      "type": "WEB",
      "url": "https://www.notion.so/CVE-2026-31215-35d1e139318881f5946ed206d96e34d8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQC2-2GPX-6J9R

Vulnerability from github – Published: 2024-01-11 09:30 – Updated: 2024-01-11 09:30
VLAI
Details

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-11T09:15:48Z",
    "severity": "HIGH"
  },
  "details": "The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII,  database credentials, and much more.",
  "id": "GHSA-wqc2-2gpx-6j9r",
  "modified": "2024-01-11T09:30:35Z",
  "published": "2024-01-11T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6266"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.5/includes/initializer.php#L1048"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.5/includes/initializer.php#L972"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/initializer.php#L1065"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08801f53-3c57-41a3-a637-4b52637cc612?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WR3C-G326-486C

Vulnerability from github – Published: 2023-01-09 19:45 – Updated: 2023-01-09 19:45
VLAI
Summary
GitOps Run allows for Kubernetes workload injection
Details

Impact

A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources.

GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorised access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content.

By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster.

Patches

This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022.

Workarounds

There is no workaround for this vulnerability.

References

Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks.

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.11.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/weaveworks/weave-gitops"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-09T19:45:01Z",
    "nvd_published_at": "2023-01-09T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster\u0027s resources.\n\nGitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorised access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content.\n\nBy leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster.\n\n### Patches\nThis vulnerability has been fixed by commits [75268c4](https://github.com/weaveworks/weave-gitops/pull/3114/commits/75268c4d2c8f7e4db22c63d76b451ba6545d117f) and [966823b](https://github.com/weaveworks/weave-gitops/pull/3102/commits/966823bbda8c539a4661e2a4f8607c9307ba6225). Users should upgrade to Weave GitOps version \u003e= v0.12.0 released on 08/12/2022.\n\n### Workarounds\nThere is no workaround for this vulnerability.\n\n### References\nDisclosed by Paulo Gomes, Senior Software Engineer, Weaveworks.\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n- Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops)\n- Email us at [support@weave.works](mailto:support@weave.works)\n",
  "id": "GHSA-wr3c-g326-486c",
  "modified": "2023-01-09T19:45:01Z",
  "published": "2023-01-09T19:45:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-wr3c-g326-486c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23508"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaveworks/weave-gitops/pull/3102/commits/966823bbda8c539a4661e2a4f8607c9307ba6225"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaveworks/weave-gitops/pull/3114/commits/75268c4d2c8f7e4db22c63d76b451ba6545d117f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/weaveworks/weave-gitops"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "GitOps Run allows for Kubernetes workload injection"
}

GHSA-WR93-5PFW-4C2V

Vulnerability from github – Published: 2024-10-15 12:30 – Updated: 2025-01-24 09:30
VLAI
Details

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-15T11:15:12Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated remote attacker can get read access to files in the \"/tmp\" directory due to missing authentication.",
  "id": "GHSA-wr93-5pfw-4c2v",
  "modified": "2025-01-24T09:30:44Z",
  "published": "2024-10-15T12:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45276"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2024-056"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2024-066"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-065.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.