CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1248 vulnerabilities reference this CWE, most recent first.
GHSA-X8XX-X82Q-42Q3
Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2023-08-08 20:08When image files are uploaded, they are made accessible under a name similar to the original file name. There are two issues with this. Both require access to uploading images in order to exploit them, this limits the impact. The first issue is that certain injection attacks can be possible, since not all possible attack vectors are removed from the original file name.
The second issue is that direct access to the images is not access controlled. This is by design, for performance reasons, and documented as such. But it does mean that images not meant to be publicly accessible can be accessed, provided that the image path and filename is correctly deduced and/or guessed, through dictionary attacks and similar.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "ezsystems/ezplatform-kernel"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25336"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-04T21:37:29Z",
"nvd_published_at": "2022-02-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "When image files are uploaded, they are made accessible under a name similar to the original file name. There are two issues with this. Both require access to uploading images in order to exploit them, this limits the impact. The first issue is that certain injection attacks can be possible, since not all possible attack vectors are removed from the original file name.\n\nThe second issue is that direct access to the images is not access controlled. This is by design, for performance reasons, and documented as such. But it does mean that images not meant to be publicly accessible can be accessed, provided that the image path and filename is correctly deduced and/or guessed, through dictionary attacks and similar.",
"id": "GHSA-x8xx-x82q-42q3",
"modified": "2023-08-08T20:08:33Z",
"published": "2022-02-19T00:01:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25336"
},
{
"type": "WEB",
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
},
{
"type": "PACKAGE",
"url": "https://github.com/ezsystems/ezplatform-kernel"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel"
}
GHSA-X92G-6C25-C2JV
Vulnerability from github – Published: 2022-07-24 00:00 – Updated: 2022-07-28 00:00Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1128"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-23T00:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-x92g-6c25-c2jv",
"modified": "2022-07-28T00:00:41Z",
"published": "2022-07-24T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1128"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1301920"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X944-9RCX-936C
Vulnerability from github – Published: 2022-09-09 00:00 – Updated: 2022-09-14 00:00IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.
{
"affected": [],
"aliases": [
"CVE-2022-22314"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-08T16:15:00Z",
"severity": "LOW"
},
"details": "IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.",
"id": "GHSA-x944-9rcx-936c",
"modified": "2022-09-14T00:00:46Z",
"published": "2022-09-09T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22314"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217371"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6615289"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X9CP-W29R-P2QW
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-07-13 00:01Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
{
"affected": [],
"aliases": [
"CVE-2021-27001"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T15:15:00Z",
"severity": "MODERATE"
},
"details": "Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.",
"id": "GHSA-x9cp-w29r-p2qw",
"modified": "2022-07-13T00:01:12Z",
"published": "2022-05-24T19:17:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27001"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211018-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X9G8-86PV-45JG
Vulnerability from github – Published: 2022-12-12 06:30 – Updated: 2022-12-13 18:30Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.
{
"affected": [],
"aliases": [
"CVE-2022-31596"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS\u0027s scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.",
"id": "GHSA-x9g8-86pv-45jg",
"modified": "2022-12-13T18:30:26Z",
"published": "2022-12-12T06:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31596"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3213507"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X9R7-CJM2-H6CP
Vulnerability from github – Published: 2022-01-02 00:00 – Updated: 2022-08-05 00:00Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
{
"affected": [],
"aliases": [
"CVE-2021-44717"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-01T05:15:00Z",
"severity": "HIGH"
},
"details": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
"id": "GHSA-x9r7-cjm2-h6cp",
"modified": "2022-08-05T00:00:27Z",
"published": "2022-01-02T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X9RP-8J88-VH76
Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 18:30In the Linux kernel, the following vulnerability has been resolved:
binder: fix async_free_space accounting for empty parcels
In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void *) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size.
Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void *) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years.
The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes.
{
"affected": [],
"aliases": [
"CVE-2021-46935"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T10:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.",
"id": "GHSA-x9rp-8j88-vh76",
"modified": "2024-04-10T18:30:47Z",
"published": "2024-02-27T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46935"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XC2Q-PRRJ-8CP6
Vulnerability from github – Published: 2023-06-14 00:30 – Updated: 2024-04-04 04:48Windows Installer Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-32016"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-14T00:15:11Z",
"severity": "MODERATE"
},
"details": "Windows Installer Information Disclosure Vulnerability",
"id": "GHSA-xc2q-prrj-8cp6",
"modified": "2024-04-04T04:48:53Z",
"published": "2023-06-14T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32016"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XCJR-GM58-GW5Q
Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2023-08-08 15:31The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2021-40005"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "HIGH"
},
"details": "The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.",
"id": "GHSA-xcjr-gm58-gw5q",
"modified": "2023-08-08T15:31:31Z",
"published": "2022-01-11T00:01:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40005"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XCX2-X6F7-987C
Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2022-05-13 01:39Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
{
"affected": [],
"aliases": [
"CVE-2017-0215"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-15T01:29:00Z",
"severity": "MODERATE"
},
"details": "Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.",
"id": "GHSA-xcx2-x6f7-987c",
"modified": "2022-05-13T01:39:49Z",
"published": "2022-05-13T01:39:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0215"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0215"
},
{
"type": "WEB",
"url": "https://posts.specterops.io/umci-bypass-using-psworkflowutility-cve-2017-0215-71c76c1588f9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98879"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038669"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.