Variant · Low-Medium

CWE-530: Exposure of Backup File to an Unauthorized Control Sphere

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

CWE-530 · Variant Level · 1 CVEs · 1 Mitigations

Description

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

Potential Impact

Confidentiality

Read Application Data

Mitigations & Prevention

Policy

Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot.

Detection Methods

  • Automated Static Analysis (Effectiveness: High) — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
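As an added example (not part of the CWE entry), a small filesystem audit that enforces the policy above by flagging renamed backup copies left under the webroot, such as the .~bk files the description mentions. The pattern list and the sample file names are assumptions for illustration.

```python
import os
import re
import tempfile

# Filename patterns that commonly mark a backup or editor copy sitting beside
# production files. The .~bk suffix comes from the CWE text; the rest is an
# assumed, non-exhaustive list to extend for your environment.
BACKUP_PATTERNS = [
    re.compile(r".*\.(?:~bk|bak|bkp|old|orig|save|swp|tmp)$", re.IGNORECASE),
    re.compile(r".*~$"),                                      # editor copy: name~
    re.compile(r"^#.*#$"),                                    # emacs autosave: #name#
    re.compile(r".*\.(?:php|py|rb|jsp|asp|aspx)\.\d+$", re.IGNORECASE),  # name.php.1
    re.compile(r".*\.(?:zip|tar|tgz|gz|7z|rar|sql)$", re.IGNORECASE),    # archives, dumps
]

def is_backup_name(name: str) -> bool:
    """True if a bare filename matches one of the backup naming patterns."""
    return any(p.match(name) for p in BACKUP_PATTERNS)

def find_exposed_backups(webroot: str) -> list:
    """Walk webroot and return the paths (relative to webroot, '/'-separated)
    of files that look like backups and therefore should not be served."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in files:
            if is_backup_name(fname):
                rel = os.path.relpath(os.path.join(dirpath, fname), webroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def demo() -> list:
    """Build a constructed sample webroot in a temp dir and audit it."""
    sample_files = ["index.php", "config.php", "config.php.~bk", "admin/login.php",
                    "admin/login.php.bak", "static/app.js", "db/site-2024.sql", "notes.txt~"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample_files:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("placeholder\n")  # constructed content, not real source
        return find_exposed_backups(root)

if __name__ == "__main__":
    for hit in demo():
        print("backup file in webroot:", hit)
```

Run it against the real document root (for example in a deploy pipeline or a nightly job) and treat any hit as a policy violation to remove or move outside the webroot.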

Real-World CVE Examples

CVE ID          Description
CVE-2024-7315   Chain: WordPress plugin does not use sufficient randomness when generating the filename for a backup (CWE-340), allowing attackers to obtain backup files (CWE-530)

Frequently Asked Questions

What is CWE-530?

CWE-530 (Exposure of Backup File to an Unauthorized Control Sphere) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

How can CWE-530 be exploited?

Attackers can exploit CWE-530 (Exposure of Backup File to an Unauthorized Control Sphere) to read application data. This weakness is typically introduced during the Operation phase of software development.

How do I prevent CWE-530?

Key mitigations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot.

What is the severity of CWE-530?

CWE-530 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVE.