Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1248 vulnerabilities reference this CWE, most recent first.

GHSA-X4H7-RG57-2FQW

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-18972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-25T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via \u0027IsNextToken\u0027 in the component \u0027src/base/PdfToenizer.cpp\u0027.",
  "id": "GHSA-x4h7-rg57-2fqw",
  "modified": "2022-05-24T19:12:12Z",
  "published": "2022-05-24T19:12:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18972"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/podofo/tickets/49"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X4MX-M5P4-FMG7

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.",
  "id": "GHSA-x4mx-m5p4-fmg7",
  "modified": "2022-05-13T01:36:23Z",
  "published": "2022-05-13T01:36:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6872"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99473"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4W5-R546-X9QH

Vulnerability from github – Published: 2019-10-11 18:40 – Updated: 2022-01-04 19:51
VLAI
Summary
Arbitrary File Read in html-pdf
Details

All versions of html-pdf are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as request.open("GET","file:///etc/passwd") will result in a PDF document with the contents of /etc/passwd.

Recommendation

No fix is currently available. There is a mitigation available in the provided reference.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "html-pdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-15138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668",
      "CWE-73",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-25T12:39:43Z",
    "nvd_published_at": "2019-09-20T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "All versions of `html-pdf` are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as `request.open(\"GET\",\"file:///etc/passwd\")` will result in a PDF document with the contents of `/etc/passwd`.\n\n\n## Recommendation\n\nNo fix is currently available. There is a mitigation available in the provided reference.",
  "id": "GHSA-x4w5-r546-x9qh",
  "modified": "2022-01-04T19:51:51Z",
  "published": "2019-10-11T18:40:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15138"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/issues/530"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/issues/530#issuecomment-535045123"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/commit/c12d6977778014139183c9f8da7579fd7ac65362"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/releases/tag/v3.0.1"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191017-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1095"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary File Read in html-pdf"
}

GHSA-X53G-GCP2-FP24

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-07-13 00:01
VLAI
Details

Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-28T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.",
  "id": "GHSA-x53g-gcp2-fp24",
  "modified": "2022-07-13T00:01:28Z",
  "published": "2022-05-24T19:06:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35302"
    },
    {
      "type": "WEB",
      "url": "https://zammad.com/en/advisories/zaa-2021-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X66F-CJPX-7PQ8

Vulnerability from github – Published: 2023-08-03 03:30 – Updated: 2024-04-04 06:30
VLAI
Details

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T01:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.",
  "id": "GHSA-x66f-cjpx-7pq8",
  "modified": "2024-04-04T06:30:08Z",
  "published": "2023-08-03T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33368"
    },
    {
      "type": "WEB",
      "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33368"
    },
    {
      "type": "WEB",
      "url": "https://www.controlid.com.br/en/access-control/idsecure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6FR-Q2Q3-7FQ4

Vulnerability from github – Published: 2022-02-09 00:00 – Updated: 2022-10-06 00:00
VLAI
Details

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-08T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.",
  "id": "GHSA-x6fr-q2q3-7fq4",
  "modified": "2022-10-06T00:00:58Z",
  "published": "2022-02-09T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23331"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dataease/dataease/issues/1618"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6HG-QH4Q-23X7

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-07-13 00:01
VLAI
Details

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passowrds of other users in the Windows AD enviornemnt when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-16T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passowrds of other users in the Windows AD enviornemnt when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.",
  "id": "GHSA-x6hg-qh4q-23x7",
  "modified": "2022-07-13T00:01:04Z",
  "published": "2022-05-24T19:05:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20488"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6464081"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X749-289Q-PG9Q

Vulnerability from github – Published: 2024-07-18 12:30 – Updated: 2025-03-14 18:30
VLAI
Details

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.62, which fixes this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-18T10:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.",
  "id": "GHSA-x749-289q-pg9q",
  "modified": "2025-03-14T18:30:41Z",
  "published": "2024-07-18T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40725"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240808-0007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X7V9-MPXR-PG87

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.",
  "id": "GHSA-x7v9-mpxr-pg87",
  "modified": "2022-07-13T00:01:24Z",
  "published": "2022-05-24T17:48:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31547"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T223654"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X84C-P2G9-RQV9

Vulnerability from github – Published: 2024-04-18 21:52 – Updated: 2024-04-19 16:19
VLAI
Summary
IPv6 enabled on IPv4-only network interfaces
Details

In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false.

Impact

A container with an ipvlan or macvlan interface will normally be configured to share an external network link with the host machine. Because of this direct access, with IPv6 enabled:

  • Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses.
  • If router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses.
  • The interface will be a member of IPv6 multicast groups.

This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface.

A container with an unexpected IPv6 address can do anything a container configured with an IPv6 address can do. That is, listen for connections on its IPv6 address, open connections to other nodes on the network over IPv6, or attempt a DoS attack by flooding packets from its IPv6 address. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L (2.7).

Because the container may not be constrained by an IPv6 firewall, there is increased potential for data exfiltration from the container. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (4.7).

A remote attacker could send malicious Router Advertisements to divert traffic to itself, a black-hole, or another device. The same attack is possible today for IPv4 macvlan/ipvlan endpoints with ARP spoofing, TLS is commonly used by Internet APIs to mitigate this risk. The presence of an IPv6 route could impact the container's availability by indirectly abusing the behaviour of software which behaves poorly in a dual-stack environment. For example, it could resolve a name to a DNS AAAA record and keep trying to connect over IPv6 without ever falling back to IPv4, potentially denying service to the container. This has CVSS score AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.5).

Patches

The issue is patched in 26.0.2.

Workarounds

To completely disable IPv6 in a container, use --sysctl=net.ipv6.conf.all.disable_ipv6=1 in the docker create or docker run command. Or, in the service configuration of a compose file, the equivalent:

        sysctls:
            - net.ipv6.conf.all.disable_ipv6=1

References

  • sysctl configuration using docker run:
  • https://docs.docker.com/reference/cli/docker/container/run/#sysctl
  • sysctl configuration using docker compose:
  • https://docs.docker.com/compose/compose-file/compose-file-v3/#sysctls
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/docker/docker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "26.0.0"
            },
            {
              "fixed": "26.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-18T21:52:08Z",
    "nvd_published_at": "2024-04-18T22:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`.\n\n### Impact\n\nA container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, with IPv6 enabled:\n\n- Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses.\n- If router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses.\n- The interface  will be a member of IPv6 multicast groups.\n\nThis means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface.\n\nA container with an unexpected IPv6 address can do anything a container configured with an IPv6 address can do. That is, listen for connections on its IPv6 address, open connections to other nodes on the network over IPv6, or attempt a DoS attack by flooding packets from its IPv6 address. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L (2.7).\n\nBecause the container may not be constrained by an IPv6 firewall, there is increased potential for data exfiltration from the container. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (4.7).\n\nA remote attacker could send malicious Router Advertisements to divert traffic to itself, a black-hole, or another device. The same attack is possible today for IPv4 macvlan/ipvlan endpoints with ARP spoofing, TLS is commonly used by Internet APIs to mitigate this risk. The presence of an IPv6 route could impact the container\u0027s availability by indirectly abusing the behaviour of software which behaves poorly in a dual-stack environment. For example, it could resolve a name to a DNS AAAA record and keep trying to connect over IPv6 without ever falling back to IPv4, potentially denying service to the container. This has CVSS score AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.5).\n\n### Patches\n\nThe issue is patched in 26.0.2.\n\n### Workarounds\n\nTo completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file, the equivalent:\n\n```\n        sysctls:\n            - net.ipv6.conf.all.disable_ipv6=1\n```\n\n### References\n\n- sysctl configuration using `docker run`:\n  - https://docs.docker.com/reference/cli/docker/container/run/#sysctl\n- sysctl configuration using `docker compose`:\n  - https://docs.docker.com/compose/compose-file/compose-file-v3/#sysctls",
  "id": "GHSA-x84c-p2g9-rqv9",
  "modified": "2024-04-19T16:19:42Z",
  "published": "2024-04-18T21:52:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32473"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moby/moby/commit/7cef0d9cd1cf221d8c0b7b7aeda69552649e0642"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moby/moby"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "IPv6 enabled on IPv4-only network interfaces"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.