CWE-529 - Exposure of Access Control List Files to an Unauthorized Control Sphere
- Abstraction:Variant
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Exposure of Access Control List Files to an Unauthorized Control Sphere
Description
The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.
Exposure of these access control list files may give the attacker information about the configuration of the site or system. This information may then be used to bypass the intended security policy or identify trusted systems from which an attack can be launched.
Common Consequences
Scope: Confidentiality, Access Control
Impact: Read Application Data, Bypass Protection Mechanism
Related Weaknesses
Port of Seattle says ransomware breach impacts 90,000 people
PoisonSeed phishing campaign behind emails with wallet seed phrases
Australian pension funds hit by wave of credential stuffing attacks
Europcar GitLab breach exposes data of up to 200,000 customers
OpenAI's $20 ChatGPT Plus is now free for students until the end of May
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
MediumELMAH Information Leak
InformationalGraphQL Endpoint Supports Introspection
InformationalStorable and Cacheable Content
InformationalInformation Disclosure - Sensitive Information in URL
InformationalStorable but Non-Cacheable Content