CWE-552
Files or Directories Accessible to External Parties
Description
The product makes files or directories accessible to unauthorized actors, even though they should not be.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-150 · CAPEC-639
CVEs mapped to this weakness (182)
page 5 of 10

| CVE | Severity | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2025-15065 | Med | 0.41 | 6.3 | 0.00 | Dec 29, 2025 | Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service,… |
| CVE-2017-2622 | Med | 0.38 | 5.9 | 0.00 | Jul 27, 2018 | An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. |
| CVE-2026-40425 | Med | 0.37 | 5.7 | 0.00 | May 29, 2026 | The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password. |
| CVE-2026-35440 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| CVE-2026-32185 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. |
| CVE-2024-23282 | Med | 0.36 | 5.5 | 0.00 | Jun 10, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A maliciously crafted email may be able to initiate FaceTime calls without user authorization. |
| CVE-2021-42744 | Med | 0.36 | 5.5 | 0.00 | Nov 19, 2021 | Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CVE-2017-2621 | Med | 0.36 | 5.5 | 0.00 | Jul 27, 2018 | An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. |
| CVE-2017-7079 | Med | 0.36 | 5.5 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app. |
| CVE-2017-11829 | Med | 0.36 | 5.5 | 0.04 | Oct 13, 2017 | Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. |
| CVE-2015-1350 | Med | 0.36 | 5.5 | 0.00 | May 2, 2016 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a… |
| CVE-2026-40564 | Med | 0.35 | 6.5 | 0.00 | May 26, 2026 | Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR… |
| CVE-2026-7817 | Med | 0.35 | 6.5 | 0.00 | May 11, 2026 | Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read… |
| CVE-2025-5273 | Med | 0.35 | 6.5 | 0.00 | May 29, 2025 | All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host… |
| CVE-2024-44807 | Med | 0.35 | 5.3 | 0.01 | Oct 11, 2024 | A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. |
| CVE-2026-33380 | Med | 0.34 | 6.3 | 0.00 | May 13, 2026 | A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable. |
| CVE-2026-5335 | Med | 0.34 | 5.3 | 0.00 | May 4, 2026 | The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information. |
| CVE-2026-4900 | Med | 0.34 | 5.3 | 0.00 | Mar 26, 2026 | A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to… |
| CVE-2026-4532 | Med | 0.34 | 5.3 | 0.00 | Mar 22, 2026 | A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories… |
| CVE-2025-14442 | Med | 0.34 | 5.3 | 0.00 | Dec 12, 2025 | The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes… |
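Two patterns recur in the entries above: a service log directory left world-readable (the OpenStack mistral and heat entries) and an export file written under the web root with a guessable name (the WordPress export plugins). The following Python script is an added example, not code from the CWE page or from any of the listed products; it audits a directory tree for permissions granted to "other", and writes one CSV export the vulnerable way and one the hardened way so the difference can be checked. The directory layout, file contents and rows are constructed for the demonstration.

```python
"""Added example (not from the CWE page or any listed product): spotting and
avoiding CWE-552 on a POSIX host.  Paths, file contents and rows below are
constructed for the demonstration."""
import csv
import os
import secrets
import stat
import tempfile


def find_world_accessible(root):
    """List (relative path, problem) for root and everything under it that
    grants any permission to 'other'.  o+r/o+x on a directory lets an
    unprivileged local user list or traverse it; o+r on a file lets them read it."""
    findings = []
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for full in entries:
        mode = os.lstat(full).st_mode
        if stat.S_ISLNK(mode):
            continue  # judge the link target where it lives, not the link
        rel = os.path.relpath(full, root)
        if stat.S_ISDIR(mode) and mode & (stat.S_IROTH | stat.S_IXOTH):
            findings.append((rel, "directory listable/traversable by others"))
        elif stat.S_ISREG(mode) and mode & stat.S_IROTH:
            findings.append((rel, "file readable by others"))
        if mode & stat.S_IWOTH:
            findings.append((rel, "writable by others"))
    return sorted(findings)


def export_vulnerable(rows, public_root):
    """CWE-552 pattern: the CSV lands inside the web-served tree under a fixed
    name, so anyone who guesses the URL downloads it with no authentication."""
    out_dir = os.path.join(public_root, "exports")
    os.makedirs(out_dir, exist_ok=True)
    path = os.path.join(out_dir, "users-export.csv")
    with open(path, "w", newline="") as f:
        csv.writer(f).writerows(rows)
    return path


def export_hardened(rows, private_root):
    """Fix: store outside the document root, under an unguessable name, with
    mode 0600 and O_EXCL so a pre-planted file or symlink is not followed.
    Delivery then goes through an authenticated download handler (not shown)."""
    os.makedirs(private_root, mode=0o700, exist_ok=True)
    os.chmod(private_root, 0o700)  # explicit, so the caller's umask cannot widen it
    path = os.path.join(private_root, f"export-{secrets.token_urlsafe(32)}.csv")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="") as f:
        csv.writer(f).writerows(rows)
    os.chmod(path, 0o600)
    return path


def is_under(path, root):
    """True if path resolves inside root; symlinks and '..' are resolved first."""
    real_root = os.path.realpath(root)
    return os.path.commonpath([real_root, os.path.realpath(path)]) == real_root


def demo():
    """Build a constructed layout in a temp dir: a leaky log directory, a
    locked-down data directory, and one export written each way.  Returns the
    audit results so they can be checked programmatically."""
    base = tempfile.mkdtemp(prefix="cwe552-")
    log_dir = os.path.join(base, "var", "log", "service")
    os.makedirs(log_dir)
    os.chmod(log_dir, 0o755)  # the world-readable log directory pattern
    log_file = os.path.join(log_dir, "service.log")
    with open(log_file, "w") as f:
        f.write("DEBUG auth token=constructed-sample-secret\n")
    os.chmod(log_file, 0o644)

    data_dir = os.path.join(base, "var", "lib", "service")
    os.makedirs(data_dir)
    os.chmod(data_dir, 0o700)
    state_file = os.path.join(data_dir, "state.db")
    with open(state_file, "w") as f:
        f.write("constructed\n")
    os.chmod(state_file, 0o600)

    rows = [["id", "email"], ["1", "alice@example.invalid"]]
    public_root = os.path.join(base, "www", "html")
    bad = export_vulnerable(rows, public_root)
    good = export_hardened(rows, os.path.join(data_dir, "exports"))
    return {
        "log_dir_audit": find_world_accessible(log_dir),
        "data_dir_audit": find_world_accessible(data_dir),
        "vulnerable_export_in_web_root": is_under(bad, public_root),
        "hardened_export_in_web_root": is_under(good, public_root),
        "hardened_export_mode": stat.S_IMODE(os.stat(good).st_mode),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The audit reports the log directory itself and its log file, and nothing under the 0700 data directory, including the hardened export written there. The hardened path is a defence against the second pattern only: an authenticated download handler still has to confirm the requester owns the export before streaming it, and it must refuse paths that `is_under` places outside the private directory.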