
CWE-552 (Files or Directories Accessible to External Parties): Vulnerability Class, 198 CVEs

198 vulnerabilities are classified as CWE-552 (Files or Directories Accessible to External Parties).

CWE-552 is an access control weakness: the product makes files or directories reachable by actors who should not be able to read or modify them. The usual cause is storing sensitive material under a root that a web or FTP server already serves (configuration files, backups, database dumps, user data, source code) without any check on who may request it. No path traversal is needed; the attacker simply requests the resource by its own path and the server returns it, which is what distinguishes this class from CWE-22. The same weakness appears when an application bundles a directory into an archive without excluding sensitive files, and in cloud storage when a bucket or container is readable or writable by anonymous or public principals. Mitigation is to keep sensitive data outside any served root, to treat file access as an authorization decision (authenticate the requester and check that its role may retrieve that specific file), and to apply restrictive file and object permissions so that a misplaced file does not automatically become an exposure.
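The web-root case in working code, as an added example that is not from the original page or from any of the products listed below. It builds a throwaway directory tree (constructed sample data), then shows that a resolver with a correct traversal guard still hands a secrets file to an anonymous caller simply because the file sits under the served root, while the hardened form refuses dotfiles and backup copies, requires a user for a protected subtree, and keeps secrets outside the root. The directory names, the suffix deny list and the `user` argument standing in for a session are assumptions.

```python
"""CWE-552 in a static file handler: the weakness beside one hardened form.

Added example, not code from the original page. It builds a throwaway
directory tree (constructed sample data, not a real deployment) and shows
that a resolver with a correct traversal guard still serves a secrets file
to an anonymous caller just because the file sits under the served root.
"""
import tempfile
from pathlib import Path
from typing import Optional


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def build_tree(base: Path) -> None:
    """Constructed layout: the mistake is a .env file under the web root."""
    public = base / "public"
    (public / "reports").mkdir(parents=True)
    (public / "index.html").write_text("<h1>hello</h1>")
    (public / ".env").write_text("DB_PASSWORD=hunter2")          # should not be here
    (public / "config.php.bak").write_text("<?php $pw = 'x';")    # editor/backup leftover
    (public / "reports" / "q1.pdf").write_bytes(b"%PDF-1.4 constructed")
    private = base / "private"                                    # outside the served root
    private.mkdir()
    (private / ".env").write_text("DB_PASSWORD=hunter2")


def naive_resolve(root: Path, url_path: str) -> bytes:
    """Vulnerable: every file under root is readable by anyone (CWE-552).

    The traversal check is correct, so this is not CWE-22; the problem is
    that nothing decides *which* files under root a caller may have."""
    root_r = root.resolve()
    target = (root_r / url_path.lstrip("/")).resolve()
    if root_r not in target.parents or not target.is_file():
        raise NotFound(url_path)
    return target.read_bytes()


PROTECTED_DIRS = {"reports"}                      # assumed: needs an authenticated user
SENSITIVE_SUFFIXES = {".bak", ".old", ".orig", ".swp", ".sql", ".pem", ".key"}


def hardened_resolve(root: Path, url_path: str, user: Optional[str]) -> bytes:
    """Hardened: same traversal guard plus deny rules and an authorization check."""
    root_r = root.resolve()
    target = (root_r / url_path.lstrip("/")).resolve()
    if root_r not in target.parents:
        raise NotFound(url_path)
    parts = target.relative_to(root_r).parts
    # Dotfiles (.env, .git, .htpasswd) and backup/editor artefacts are never
    # served, wherever they sit in the tree.
    if any(p.startswith(".") for p in parts) or target.suffix in SENSITIVE_SUFFIXES:
        raise Forbidden(url_path)
    # A protected subtree is served only to an authenticated user. A real handler
    # would consult the session and an ACL here; the user string is a stand-in.
    if parts[0] in PROTECTED_DIRS and user is None:
        raise Forbidden(url_path)
    if not target.is_file():
        raise NotFound(url_path)
    return target.read_bytes()


def demo() -> dict:
    """Run both resolvers over the constructed tree and collect the outcomes."""
    requests = [
        ("env", "/.env", None),
        ("bak", "/config.php.bak", None),
        ("report_anon", "/reports/q1.pdf", None),
        ("report_user", "/reports/q1.pdf", "alice"),
        ("index", "/index.html", None),
        ("traversal", "/../private/.env", None),
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_tree(base)
        root = base / "public"
        for label, path, user in requests:
            for name, fn in (("naive", lambda p, u: naive_resolve(root, p)),
                             ("hardened", lambda p, u: hardened_resolve(root, p, u))):
                try:
                    results[f"{name}_{label}"] = fn(path, user)
                except Forbidden:
                    results[f"{name}_{label}"] = "FORBIDDEN"
                except NotFound:
                    results[f"{name}_{label}"] = "NOT_FOUND"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22} {value!r}")
```

Both resolvers reject the `/../private/.env` request, so a traversal scanner would report nothing; only the naive one returns the contents of `/.env` and the anonymous `/reports/q1.pdf` request, which is exactly the gap CWE-552 names.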

MITRE CWE Description
The product makes files or directories accessible to unauthorized actors, even though they should not be. Web servers, FTP servers, and similar servers may store a set of files underneath a "root" directory that is accessible to the server's users. Applications may store sensitive files underneath this root without also using access control to limit which users may request those files, if any. Alternately, an application might package multiple files or directories into an archive file (e.g., ZIP or tar), but the application might not exclude sensitive files that are underneath those directories. In cloud technologies and containers, this weakness might present itself in the form of misconfigured storage accounts that can be read or written by a public or anonymous user.
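The archive form of the weakness mentioned in the description, as an added example (not code from the original page). It builds a constructed directory tree, packs it twice into in-memory zip files and compares the member lists: the naive packer includes everything under the directory, the filtered packer drops sensitive names by path component and skips symlinks, which could otherwise pull in a file from outside the tree. The deny list is an assumed starting point, not a complete one.

```python
"""CWE-552 via archives: packing a directory without sweeping up secrets.

Added example, not code from the original page. The directory layout is
constructed sample data; the exclusion patterns are an assumed deny list.
"""
import fnmatch
import io
import tempfile
import zipfile
from pathlib import Path
from typing import Iterable, List


def build_tree(base: Path) -> Path:
    """Constructed sample: a site directory with secrets mixed into it."""
    site = base / "site"
    for sub in ("assets", "secrets", ".git"):
        (site / sub).mkdir(parents=True)
    (site / "index.html").write_text("<h1>site</h1>")
    (site / "assets" / "logo.png").write_bytes(b"\x89PNG constructed")
    (site / ".env").write_text("API_KEY=constructed-not-real")
    (site / ".git" / "config").write_text("[core]\n")
    (site / "secrets" / "db.key").write_bytes(b"-----BEGIN CONSTRUCTED KEY-----")
    (site / "notes.txt~").write_text("editor backup")
    return site


def _member_names(buf: io.BytesIO) -> List[str]:
    with zipfile.ZipFile(io.BytesIO(buf.getvalue())) as zf:
        return sorted(zf.namelist())


def naive_archive(src: Path) -> List[str]:
    """Vulnerable: every regular file under src lands in the archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                zf.write(p, p.relative_to(src).as_posix())
    return _member_names(buf)


# Assumed deny list, matched against each path component, so a denied directory
# name ("secrets", anything starting with a dot) hides its whole subtree.
EXCLUDE_PATTERNS = (".*", "secrets", "*.key", "*.pem", "*.bak", "*~", "*.swp", "*.sql")


def is_excluded(rel_posix: str, patterns: Iterable[str] = EXCLUDE_PATTERNS) -> bool:
    return any(fnmatch.fnmatchcase(part, pat)
               for part in rel_posix.split("/") for pat in patterns)


def filtered_archive(src: Path, patterns: Iterable[str] = EXCLUDE_PATTERNS) -> List[str]:
    """Hardened: apply the deny list and refuse symlinks (they may point outside src)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(src.rglob("*")):
            rel = p.relative_to(src).as_posix()
            if p.is_symlink() or not p.is_file() or is_excluded(rel, patterns):
                continue
            zf.write(p, rel)
    return _member_names(buf)


def demo() -> dict:
    """Pack the constructed tree both ways and return the two member lists."""
    with tempfile.TemporaryDirectory() as tmp:
        site = build_tree(Path(tmp))
        return {"naive": naive_archive(site), "filtered": filtered_archive(site)}


if __name__ == "__main__":
    out = demo()
    print("naive   :", out["naive"])
    print("filtered:", out["filtered"])
```

A deny list is a floor, not a ceiling: the reliable fix is to generate the archive from an explicit allow list of what the recipient needs, and to keep secrets out of the source tree in the first place.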
Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Files or Directories; Modify Files or Directories.
Mitigations (1)
Phases: Implementation, System Configuration, Operation. When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
Examples (2)
The following Azure command updates the settings for a storage account.
Bad (Shell): allows anonymous read access to blobs and containers.
az storage account update --name <storage-account> --resource-group <resource-group> --allow-blob-public-access true
Good (Shell): disables anonymous access at the account level, so no container in it can be made public.
az storage account update --name <storage-account> --resource-group <resource-group> --allow-blob-public-access false
The following Google Cloud Storage command gets the IAM policy of a bucket named 'BUCKET_NAME'.
Informative (Shell):
gsutil iam get gs://BUCKET_NAME
Bad (JSON): the second binding grants roles/storage.legacyBucketReader to allUsers, so anyone on the internet can list the bucket's contents without authenticating.
{
  "bindings": [
    {
      "members": [
        "projectEditor: PROJECT-ID",
        "projectOwner: PROJECT-ID"
      ],
      "role": "roles/storage.legacyBucketOwner"
    },
    {
      "members": [
        "allUsers",
        "projectViewer: PROJECT-ID"
      ],
      "role": "roles/storage.legacyBucketReader"
    }
  ]
}
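A check for the cloud-storage form of the weakness, as an added example that is not code from the original page or from Google's tooling. It takes the JSON shape that `gsutil iam get gs://BUCKET_NAME` prints (the embedded policy is a constructed copy of the bad example above, not a real bucket) and reports every binding that grants a role to a public principal. Both `allUsers` and `allAuthenticatedUsers` count as public, since the latter is any Google account holder rather than a member of your organization. The script name in the usage note is assumed.

```python
"""Audit a Cloud Storage IAM policy for public principals (CWE-552 in the cloud).

Added example, not code from the original page. SAMPLE_POLICY is a
constructed copy of the page's bad example; when stdin is a pipe the script
reads a policy from there instead.
"""
import json
import sys
from typing import Dict, List, Tuple

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

SAMPLE_POLICY = json.loads("""
{ "bindings": [
    { "members": ["projectEditor: PROJECT-ID", "projectOwner: PROJECT-ID"],
      "role": "roles/storage.legacyBucketOwner" },
    { "members": ["allUsers", "projectViewer: PROJECT-ID"],
      "role": "roles/storage.legacyBucketReader" } ] }
""")


def find_public_bindings(policy: Dict) -> List[Tuple[str, str]]:
    """Return (role, member) pairs that expose the bucket to a public principal.

    A binding that carries a condition is still reported: the condition
    narrows when the grant applies, not who receives it."""
    hits = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                hits.append((binding["role"], member))
    return hits


def strip_public_members(policy: Dict) -> Dict:
    """Return a copy of the policy with public principals removed from every binding.

    Other top-level keys (for example etag) are carried over unchanged; a
    binding left with no members is dropped rather than kept empty."""
    cleaned = {k: v for k, v in policy.items() if k != "bindings"}
    cleaned["bindings"] = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_PRINCIPALS]
        if members:
            cleaned["bindings"].append({**binding, "members": members})
    return cleaned


def main() -> int:
    policy = SAMPLE_POLICY if sys.stdin.isatty() else json.load(sys.stdin)
    hits = find_public_bindings(policy)
    for role, member in hits:
        print(f"PUBLIC: {member} holds {role}")
    if not hits:
        print("no public principals found")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `gsutil iam get gs://BUCKET_NAME | python audit_iam.py` (assumed file name); a non-zero exit makes it usable as a CI gate. The remediation for a hit is to remove the principal, for example `gsutil iam ch -d allUsers gs://BUCKET_NAME`, and to turn on the bucket-level public access prevention setting so the grant cannot be reintroduced.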
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2022-2222 | Download Monitor < 4.5.91 - Admin+ Arbitrary File Download | Download Monitor | 4.9 | - | 2022-07-17
CVE-2022-34464 | Siemens SICAM GridEdge Essential security vulnerability | SICAM GridEdge (Classic) | 6.3 | Medium | 2022-07-12
CVE-2022-32143 | CODESYS runtime system prone to directory access | Runtime Toolkit | 8.8 | High | 2022-06-24
CVE-2021-3717 | Wildfly security vulnerability | wildfly | 7.8 | - | 2022-05-24
CVE-2022-0656 | uDraw < 3.3.3 - Unauthenticated Arbitrary File Access | Web To Print Shop : uDraw | 7.5 | - | 2022-04-25
CVE-2022-24075 | Naver Whale Browser security vulnerability | NAVER Whale browser | 6.5 | - | 2022-03-17
CVE-2021-32008 | Logged-in Administrator may get unrestricted file system access | GateManager | 9.9 | Critical | 2022-03-04
CVE-2021-25004 | SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download | SEUR Oficial | 4.9 | - | 2022-02-07
CVE-2021-33843 | Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties | Agilia Connect WiFi | 5.3 | Medium | 2022-01-21
CVE-2021-43821 | Files Accessible to External Parties in Opencast | opencast | 9.9 | Critical | 2021-12-14
CVE-2021-31850 | Denial of Service in Database Security on Windows | McAfee Database Security (DBSec) | 6.1 | Medium | 2021-12-08
CVE-2021-42744 | Philips MRI 1.5T and 3T Information Exposure | MRI 1.5T | 5.5 | - | 2021-11-19
CVE-2021-32833 | Unauthenticated file read in Emby Server | Emby.Releases | 8.6 | High | 2021-09-09
CVE-2021-34765 | Cisco Nexus Insights Authenticated Information Disclosure Vulnerability | Cisco Nexus Insights | 4.3 | Medium | 2021-09-02
CVE-2021-32752 | Files or Directories Accessible to External Parties in ether/logs | logs | 7.2 | High | 2021-07-09
CVE-2021-22769 | Schneider Electric Enerlin'X Com'X security vulnerability | Easergy T300 with firmware V2.7.1 and older | 4.3 | - | 2021-06-11
CVE-2021-31831 | Incorrect access to deleted scripts vulnerability in McAfee DBSec | McAfee Database Security (DBSec) | 4.9 | Medium | 2021-06-03
CVE-2018-10867 | Red Hat Certification access control error vulnerability | redhat-certification | 9.1 | - | 2021-05-26
CVE-2018-10863 | Red Hat Certification security vulnerability | redhat-certification | 5.3 | - | 2021-05-26
CVE-2021-1512 | Cisco SD-WAN Software Arbitrary File Corruption Vulnerability | Cisco SD-WAN Solution | 7.1 | - | 2021-05-06
CVE-2021-1256 | Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability | Cisco Firepower Threat Defense Software | 6.0 | Medium | 2021-04-29
CVE-2021-21429 | Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin | openapi-generator | 4.0 | Medium | 2021-04-27
CVE-2021-24154 | Theme Editor < 2.6 - Authenticated Arbitrary File Download | Theme Editor | 4.9 | - | 2021-04-05
CVE-2021-1434 | Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability | Cisco IOS XE Software | 4.4 | Medium | 2021-03-24
CVE-2019-3897 | Red Hat security vulnerability | redhat-certification | 5.3 | - | 2021-03-16
CVE-2021-20253 | Red Hat ansible-tower security vulnerability | ansible-tower | 7.0 | - | 2021-03-09
CVE-2021-1361 | Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability | Cisco NX-OS Software | 9.8 | Critical | 2021-02-24
CVE-2021-20182 | Red Hat openshift4/ose-docker-builder security vulnerability | openshift | 8.8 | - | 2021-02-23
CVE-2020-17519 | Apache Flink directory traversal attack: reading remote files through the REST API | Apache Flink | 7.5 | - | 2021-01-05
CVE-2020-11642 | SiteManager Denial of Service via Local File Inclusion Vulnerability | SiteManager | 7.7 | High | 2020-10-15

Vulnerabilities classified as CWE-552 (Files or Directories Accessible to External Parties) number 198 CVEs in total; the table above lists 30 of them. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.