VYPR

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

Base (abstraction) | Draft (status)

Description

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
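The weakness is easiest to see in the local-file form that several of the mapped CVEs take (a configuration file holding credentials that any local user can read). The following is an added example, not code from the CWE entry or from any product listed on this page: it writes the same constructed secret with the weak pattern and with a hardened one, then audits the directory for files whose mode exposes likely secrets to other local users. The keyword list in `SENSITIVE_MARKERS` and the file names are assumptions chosen for the illustration.

```python
"""
Added example for CWE-538 (not part of the CWE entry or any listed product):
the weak write pattern beside a hardened one, plus an audit that flags
sensitive files readable by group or world. All paths, markers and file
contents below are constructed for the example.
"""
import os
import stat
import tempfile

# Constructed sample secret, standing in for a real credential in a config file.
SAMPLE_CONFIG = "db_password = s3cr3t-example\napi_key = AKIA-EXAMPLE\n"

# Assumption: a small keyword list is enough to recognise secret-bearing files here.
SENSITIVE_MARKERS = ("password", "api_key", "secret", "private key", "token")


def write_config_weak(path: str, content: str) -> int:
    """Weak pattern: rely on the process umask. With a permissive umask such as
    022 the file is created 0644, i.e. world-readable, which is CWE-538 once it
    holds secrets. Returns the resulting permission bits."""
    with open(path, "w") as fh:
        fh.write(content)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_config_hardened(path: str, content: str) -> int:
    """Hardened pattern: create the file owner-only at creation time.
    O_EXCL refuses to reuse a pre-existing file or symlink at the path, and the
    mode is applied by the kernel at creation, so there is no window in which
    another local user can read the content. fchmod pins the mode to exactly
    0600 regardless of the inherited umask. Returns the resulting bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)
        fh.write(content)
    return stat.S_IMODE(os.stat(path).st_mode)


def looks_sensitive(path: str) -> bool:
    """Heuristic: does the first 4 KiB of the file mention a secret-like key?"""
    try:
        with open(path, "r", errors="ignore") as fh:
            head = fh.read(4096).lower()
    except OSError:
        return False
    return any(marker in head for marker in SENSITIVE_MARKERS)


def audit_exposed_files(root: str) -> list[tuple[str, str]]:
    """Walk `root` and report regular files that are readable by group or others
    and whose content looks sensitive. Returns sorted (path, octal mode) pairs."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks planted in the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IRGRP | stat.S_IROTH) and looks_sensitive(full):
                findings.append((full, oct(mode)))
    return sorted(findings)


def demo() -> dict:
    """Run both writers under a permissive umask in a scratch directory and audit it."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as root:
            weak_path = os.path.join(root, "app.weak.conf")
            hard_path = os.path.join(root, "app.hardened.conf")
            weak_mode = write_config_weak(weak_path, SAMPLE_CONFIG)
            hard_mode = write_config_hardened(hard_path, SAMPLE_CONFIG)
            exposed = [os.path.basename(p) for p, _ in audit_exposed_files(root)]
    finally:
        os.umask(old_umask)
    return {"weak_mode": weak_mode, "hardened_mode": hard_mode, "exposed": exposed}


if __name__ == "__main__":
    print(demo())
```

The audit only looks at permission bits and content, so it will not catch the web-exposed variant on this page (templates or build artefacts served from a document root); for that flavour the check is whether the file lives under a path the web server publishes, not what its mode is.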

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-95

CVEs mapped to this weakness (59)

page 3 of 3
  • CVE-2018-16970 | Med | Sep 12, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.

  • CVE-2026-33705 | Med | Apr 10, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs,…

  • CVE-2026-50565 | Med | Jun 10, 2026
    risk 0.25 | cvss 4.9 | epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken:…

  • CVE-2023-5937 | Low | May 15, 2024
    risk 0.25 | cvss 3.8 | epss 0.00

    On Windows systems, the Arc configuration files were found to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.

  • CVE-2025-52642 | Low | Mar 16, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information…

  • CVE-2017-5387 | Low | Jun 11, 2018
    risk 0.21 | cvss 3.3 | epss 0.00

    The existence of a specifically requested local file can be found due to the double firing of the "onerror" handler when the "source" attribute on a `<track>` tag refers to a file that does not exist, if the source page is loaded locally. This vulnerability affects Firefox < 51.

  • CVE-2026-29114 | Low | Jun 10, 2026
    risk 0.15 | cvss n/a | epss 0.00

    A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust…

  • CVE-2026-5434 | May 21, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

  • CVE-2025-58458 | Sep 3, 2025
    risk 0.00 | cvss n/a | epss 0.00

    In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read…

  • CVE-2025-27017 | Mar 12, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the…

  • CVE-2024-21501 | Feb 24, 2024
    risk 0.00 | cvss n/a | epss 0.01

    Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to…

  • CVE-2022-4318 | Sep 25, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

  • CVE-2023-28444 | Mar 24, 2023
    risk 0.00 | cvss n/a | epss 0.01

    angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular…

  • CVE-2022-31098 | Jun 27, 2022
    risk 0.00 | cvss n/a | epss 0.01

    Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka…

  • CVE-2021-32822 | Aug 16, 2021
    risk 0.00 | cvss n/a | epss 0.01

    The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through…

  • CVE-2019-10320 | May 21, 2019
    risk 0.00 | cvss n/a | epss 0.01

    Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

  • CVE-2018-11798 | Jan 7, 2019
    risk 0.00 | cvss n/a | epss 0.05

    The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the web server's configured docroot path.

  • CVE-2014-0772 | Apr 12, 2014
    risk 0.00 | cvss n/a | epss 0.01

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not…

  • CVE-2014-0771 | Apr 12, 2014
    risk 0.00 | cvss n/a | epss 0.01

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not …