Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1248 vulnerabilities reference this CWE, most recent first.

GHSA-XF2W-RWCJ-Q83W

Vulnerability from github – Published: 2022-12-28 21:30 – Updated: 2023-01-06 21:30
VLAI
Details

A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-28T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.",
  "id": "GHSA-xf2w-rwcj-q83w",
  "modified": "2023-01-06T21:30:42Z",
  "published": "2022-12-28T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/centic9/jgit-cookbook/pull/86"
    },
    {
      "type": "WEB",
      "url": "https://github.com/centic9/jgit-cookbook/commit/b8cb29b43dc704708d598c60ac1881db7cf8e9c3"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.216988"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.216988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XFCW-6C56-RP9P

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-08-13 00:00
VLAI
Details

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-25T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.",
  "id": "GHSA-xfcw-6c56-rp9p",
  "modified": "2022-08-13T00:00:33Z",
  "published": "2022-05-24T17:45:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25352"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG48-JQ9V-2X5F

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-12 12:00
VLAI
Details

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.",
  "id": "GHSA-xg48-jq9v-2x5f",
  "modified": "2022-10-12T12:00:21Z",
  "published": "2022-10-07T18:15:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39860"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG6V-XH9G-65CV

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:12
VLAI
Details

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device\u0027s web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults\u0026src=RA reset and using the default credentials to get in.",
  "id": "GHSA-xg6v-xh9g-65cv",
  "modified": "2024-04-04T01:12:47Z",
  "published": "2022-05-24T16:49:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13379"
    },
    {
      "type": "WEB",
      "url": "https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=X1PY7kMFkVg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGC4-84F6-P6XR

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-29T09:59:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.",
  "id": "GHSA-xgc4-84f6-p6xr",
  "modified": "2022-05-13T01:02:39Z",
  "published": "2022-05-13T01:02:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5334"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94482"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037326"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGQ6-2343-XVCM

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2023-08-08 15:31
VLAI
Details

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames",
  "id": "GHSA-xgq6-2343-xvcm",
  "modified": "2023-08-08T15:31:24Z",
  "published": "2021-12-08T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40288"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XH3C-FG2P-F6RR

Vulnerability from github – Published: 2022-06-10 00:00 – Updated: 2022-06-18 00:00
VLAI
Details

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-09T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.",
  "id": "GHSA-xh3c-fg2p-f6rr",
  "modified": "2022-06-18T00:00:23Z",
  "published": "2022-06-10T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31649"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/212.html"
    },
    {
      "type": "WEB",
      "url": "https://owncloud.com/security-advisories/cve-2022-31649"
    },
    {
      "type": "WEB",
      "url": "https://owncloud.org/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XH52-RG2R-X4M5

Vulnerability from github – Published: 2022-08-20 00:00 – Updated: 2022-08-25 00:00
VLAI
Details

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-19T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Emerson Electric\u0027s Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.",
  "id": "GHSA-xh52-rg2r-x4m5",
  "modified": "2022-08-25T00:00:26Z",
  "published": "2022-08-20T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2792"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHF8-M475-367R

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-11-06 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix kernel warning when sending SYN message

When sending a SYN message, this kernel stack trace is observed:

... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] [ 13.398630] ? __alloc_skb+0xed/0x1a0 [ 13.398630] tipc_msg_build+0x12c/0x670 [tipc] [ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290 [ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc] [ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __local_bh_enable_ip+0x37/0x80 [ 13.398630] tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __sys_connect+0x9f/0xd0 [ 13.398630] __sys_connect+0x9f/0xd0 [ 13.398630] ? preempt_count_add+0x4d/0xa0 [ 13.398630] ? fpregs_assert_state_consistent+0x22/0x50 [ 13.398630] __x64_sys_connect+0x16/0x20 [ 13.398630] do_syscall_64+0x42/0x90 [ 13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd

It is because commit a41dad905e5a ("iov_iter: saner checks for attempt to copy to/from iterator") has introduced sanity check for copying from/to iov iterator. Lacking of copy direction from the iterator viewpoint would lead to kernel stack trace like above.

This commit fixes this issue by initializing the iov iterator with the correct copy direction when sending SYN or ACK without data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel warning when sending SYN message\n\nWhen sending a SYN message, this kernel stack trace is observed:\n\n...\n[   13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550\n...\n[   13.398494] Call Trace:\n[   13.398630]  \u003cTASK\u003e\n[   13.398630]  ? __alloc_skb+0xed/0x1a0\n[   13.398630]  tipc_msg_build+0x12c/0x670 [tipc]\n[   13.398630]  ? shmem_add_to_page_cache.isra.71+0x151/0x290\n[   13.398630]  __tipc_sendmsg+0x2d1/0x710 [tipc]\n[   13.398630]  ? tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __local_bh_enable_ip+0x37/0x80\n[   13.398630]  tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __sys_connect+0x9f/0xd0\n[   13.398630]  __sys_connect+0x9f/0xd0\n[   13.398630]  ? preempt_count_add+0x4d/0xa0\n[   13.398630]  ? fpregs_assert_state_consistent+0x22/0x50\n[   13.398630]  __x64_sys_connect+0x16/0x20\n[   13.398630]  do_syscall_64+0x42/0x90\n[   13.398630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIt is because commit a41dad905e5a (\"iov_iter: saner checks for attempt\nto copy to/from iterator\") has introduced sanity check for copying\nfrom/to iov iterator. Lacking of copy direction from the iterator\nviewpoint would lead to kernel stack trace like above.\n\nThis commit fixes this issue by initializing the iov iterator with\nthe correct copy direction when sending SYN or ACK without data.",
  "id": "GHSA-xhf8-m475-367r",
  "modified": "2024-11-06T18:31:04Z",
  "published": "2024-05-21T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52700"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHG7-3M9V-PJFP

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-07-13 00:00
VLAI
Details

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-24T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.",
  "id": "GHSA-xhg7-3m9v-pjfp",
  "modified": "2022-07-13T00:00:52Z",
  "published": "2022-05-24T17:09:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/totaljs/cms/commit/2a26c4c6a61d3fda4527a761716ef7e1c5f7c970"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saddean/research/blob/master/totaljs/Broken-acces-control.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.