Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-47950

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Jan, 2023 | 00:00
Updated At-04 Apr, 2025 | 15:48
Rejected At-
Credits

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Jan, 2023 | 00:00
Updated At:04 Apr, 2025 | 15:48
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://launchpad.net/bugs/1998625
N/A
https://security.openstack.org/ossa/OSSA-2023-001.html
N/A
https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html
mailing-list
https://www.debian.org/security/2023/dsa-5327
vendor-advisory
Hyperlink: https://launchpad.net/bugs/1998625
Resource: N/A
Hyperlink: https://security.openstack.org/ossa/OSSA-2023-001.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html
Resource:
mailing-list
Hyperlink: https://www.debian.org/security/2023/dsa-5327
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://launchpad.net/bugs/1998625
x_transferred
https://security.openstack.org/ossa/OSSA-2023-001.html
x_transferred
https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html
mailing-list
x_transferred
https://www.debian.org/security/2023/dsa-5327
vendor-advisory
x_transferred
Hyperlink: https://launchpad.net/bugs/1998625
Resource:
x_transferred
Hyperlink: https://security.openstack.org/ossa/OSSA-2023-001.html
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html
Resource:
mailing-list
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5327
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-552CWE-552 Files or Directories Accessible to External Parties
Type: CWE
CWE ID: CWE-552
Description: CWE-552 Files or Directories Accessible to External Parties
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Jan, 2023 | 17:15
Updated At:04 Apr, 2025 | 16:15

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
OpenStack
openstack
>>swift>>Versions before 2.28.1(exclusive)
cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*
OpenStack
openstack
>>swift>>Versions from 2.29.0(inclusive) to 2.29.2(exclusive)
cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*
OpenStack
openstack
>>swift>>2.30.0
cpe:2.3:a:openstack:swift:2.30.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-552Primarynvd@nist.gov
CWE-552Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-552
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-552
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://launchpad.net/bugs/1998625cve@mitre.org
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00021.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://security.openstack.org/ossa/OSSA-2023-001.htmlcve@mitre.org
Patch
Vendor Advisory
https://www.debian.org/security/2023/dsa-5327cve@mitre.org
N/A
https://launchpad.net/bugs/1998625af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.openstack.org/ossa/OSSA-2023-001.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://www.debian.org/security/2023/dsa-5327af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://launchpad.net/bugs/1998625
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.openstack.org/ossa/OSSA-2023-001.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5327
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://launchpad.net/bugs/1998625
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.openstack.org/ossa/OSSA-2023-001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5327
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

62Records found
CVE-2022-36306
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 56.95%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 00:32
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.

Action-Not Available
Vendor-Airspan Networks
Product-airvelocity_1500_firmwareairvelocity_1500AirVelocity
CWE ID-CWE-219
Storage of File with Sensitive Data Under Web Root
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-32226
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.3||HIGH
EPSS-0.06% / 17.37%
||
7 Day CHG~0.00%
Published-30 Jul, 2023 | 07:53
Updated-11 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sysaid - CWE-552: Files or Directories Accessible to External Parties

Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.

Action-Not Available
Vendor-SysAid Technologies Ltd.
Product-sysaid_on-premisesSysaid
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2022-28445
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 19:04
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.

Action-Not Available
Vendor-kiteskyn/a
Product-kitecmsn/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2019-13140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.22% / 78.22%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 16:24
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.

Action-Not Available
Vendor-intenogroupn/a
Product-eg200_firmwareeg200n/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-42644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 55.91%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 11:21
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.

Action-Not Available
Vendor-cmseasyn/a
Product-cmseasyn/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-41573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.72%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 17:50
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link .

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-content_platform_anywheren/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-8031
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.63%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:07
Updated-12 Jun, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Downloads < 1.2.3 - Admin+ Arbitrary File Download

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.

Action-Not Available
Vendor-UnknownWP Booking Calendar
Product-secure_downloadsSecure Downloads
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2022-3287
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.28%
||
7 Day CHG+0.02%
Published-28 Sep, 2022 | 19:07
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

Action-Not Available
Vendor-fwupdn/a
Product-fwupdfwupd
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-53649
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.08% / 25.40%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 10:30
Updated-11 Mar, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.68), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V9.80), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V9.80), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V9.80), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7ST85 (CP300) (All versions < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V9.80), SIPROTEC 5 7SX82 (CP150) (All versions < V9.80), SIPROTEC 5 7SX85 (CP300) (All versions < V9.80), SIPROTEC 5 7SY82 (CP150) (All versions < V9.80), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V9.80), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VU85 (CP300) (All versions < V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.80). Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7ST85 (CP300)
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-52292
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.15% / 36.71%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 16:08
Updated-19 Nov, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Craft Allows Attackers to Read Arbitrary System Files

Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.

Action-Not Available
Vendor-craftcmscraftcmscraftcms
Product-craft_cmscmscraft_cms
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-9765
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.33%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:07
Updated-28 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EKC Tournament Manager < 2.2.2 - Local File Download Vulnerability

The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory

Action-Not Available
Vendor-lukashuserUnknown
Product-ekc_tournament_managerEKC Tournament Manager
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2020-5289
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 21:20
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Read permissions not enforced for client provided filter expressions in Elide http client

In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater.

Action-Not Available
Vendor-elideYahoo Inc.
Product-elideelide
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-552
Files or Directories Accessible to External Parties
  • Previous
  • 1
  • 2
  • Next
Details not found