Path traversal may allow malicious actors to access file content not intended to be exposed to them. For example a user may be able to access sensitive secrets stored within app files (e.g. UserDefaults/Plists/.etc.). Alternatively, users with access to a victim’s phone may be able to obtain senstivie data persisted by the application.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-35: Path Traversal
OWASP:
- A01:2021 - Broken Access Control