The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Deploy different layers of protection to implement security in depth.
CWE-693
CWE-638
CVE-2022-29238
Access-control setting in web-based document collaboration tool is not properly implemented by the code, which prevents listing hidden directories but does not prevent direct requests to files in those directories.