Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-RGFX-7P65-3FF4

Vulnerability from github – Published: 2025-02-04 12:30 – Updated: 2025-02-18 22:31
VLAI
Summary
Apache Cassandra: unrestricted deserialization of JMX authentication credentials
Details

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations.

This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.

This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.

Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:cassandra-all"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0-beta1"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:cassandra-all"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cassandra:cassandra-all"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.2"
            },
            {
              "fixed": "4.0.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-27137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-04T18:39:25Z",
    "nvd_published_at": "2025-02-04T11:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations.\n\nThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\n\nThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\n\nOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.",
  "id": "GHSA-rgfx-7p65-3ff4",
  "modified": "2025-02-18T22:31:37Z",
  "published": "2025-02-04T12:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27137"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/cassandra"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250214-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Cassandra: unrestricted deserialization of JMX authentication credentials"
}

GHSA-RGP2-M7FC-79R8

Vulnerability from github – Published: 2022-01-02 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-01T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver\u0027s device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.",
  "id": "GHSA-rgp2-m7fc-79r8",
  "modified": "2023-08-08T15:31:29Z",
  "published": "2022-01-02T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44852"
    },
    {
      "type": "WEB",
      "url": "https://nephosec.com/biostar-exploit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHRH-2GJF-7XQF

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-24T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox \u003c 88.",
  "id": "GHSA-rhrh-2gjf-7xqf",
  "modified": "2022-05-24T19:06:10Z",
  "published": "2022-05-24T19:06:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24001"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1694727"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RJ48-QJ2X-783M

Vulnerability from github – Published: 2023-02-15 15:30 – Updated: 2023-02-24 18:30
VLAI
Details

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.",
  "id": "GHSA-rj48-qj2x-783m",
  "modified": "2023-02-24T18:30:27Z",
  "published": "2023-02-15T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25192"
    },
    {
      "type": "WEB",
      "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJWW-2X8V-M9V9

Vulnerability from github – Published: 2021-04-19 14:52 – Updated: 2022-09-21 19:31
VLAI
Summary
Potential sensitive data exposure in applications using Vaadin 15
Details

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController

  • https://vaadin.com/security/cve-2020-36319
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:flow-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-16T23:16:31Z",
    "nvd_published_at": "2021-04-23T16:15:00Z",
    "severity": "LOW"
  },
  "details": "Insecure configuration of default `ObjectMapper` in `com.vaadin:flow-server` versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. `@RestController`\n\n- https://vaadin.com/security/cve-2020-36319",
  "id": "GHSA-rjww-2x8v-m9v9",
  "modified": "2022-09-21T19:31:15Z",
  "published": "2021-04-19T14:52:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/flow/security/advisories/GHSA-rjww-2x8v-m9v9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36319"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/flow/pull/8016"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/flow/pull/8051"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vaadin/flow"
    },
    {
      "type": "WEB",
      "url": "https://vaadin.com/security/cve-2020-36319"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Potential sensitive data exposure in applications using Vaadin 15"
}

GHSA-RJXF-4M2W-4CQQ

Vulnerability from github – Published: 2023-09-18 21:30 – Updated: 2024-04-04 07:43
VLAI
Details

An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-18T21:15:55Z",
    "severity": "MODERATE"
  },
  "details": "An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.",
  "id": "GHSA-rjxf-4m2w-4cqq",
  "modified": "2024-04-04T07:43:28Z",
  "published": "2023-09-18T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39058"
    },
    {
      "type": "WEB",
      "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39058.md"
    },
    {
      "type": "WEB",
      "url": "http://thebmembers.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMC2-G977-JR5R

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08
VLAI
Details

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-04T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.",
  "id": "GHSA-rmc2-g977-jr5r",
  "modified": "2022-05-24T17:08:00Z",
  "published": "2022-05-24T17:08:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-34"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210304-0002"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4289-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4682"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RP69-VV8V-JVMW

Vulnerability from github – Published: 2023-10-11 12:30 – Updated: 2024-04-04 08:33
VLAI
Details

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T12:15:11Z",
    "severity": "HIGH"
  },
  "details": "The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.",
  "id": "GHSA-rp69-vv8v-jvmw",
  "modified": "2024-04-04T08:33:43Z",
  "published": "2023-10-11T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44101"
    },
    {
      "type": "WEB",
      "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RP88-5VG5-8WX2

Vulnerability from github – Published: 2022-09-20 00:00 – Updated: 2022-09-22 00:00
VLAI
Details

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-19T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.",
  "id": "GHSA-rp88-5vg5-8wx2",
  "modified": "2022-09-22T00:00:26Z",
  "published": "2022-09-20T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40234"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235718"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6619947"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RPGF-WX3X-J576

Vulnerability from github – Published: 2022-03-26 00:00 – Updated: 2022-03-31 00:00
VLAI
Details

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-25T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.",
  "id": "GHSA-rpgf-wx3x-j576",
  "modified": "2022-03-31T00:00:33Z",
  "published": "2022-03-26T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27919"
    },
    {
      "type": "WEB",
      "url": "https://security.gradle.com/advisory/2022-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.