Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1248 vulnerabilities reference this CWE, most recent first.

GHSA-2HRM-9GXC-3C35

Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'

DAMON debugfs interface increases the reference counts of 'struct pid's for targets from the 'target_ids' file write callback ('dbgfs_target_ids_write()'), but decreases the counts only in DAMON monitoring termination callback ('dbgfs_before_terminate()').

Therefore, when 'target_ids' file is repeatedly written without DAMON monitoring start/termination, the reference count is not decreased and therefore memory for the 'struct pid' cannot be freed. This commit fixes this issue by decreasing the reference counts when 'target_ids' is written.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027\n\nDAMON debugfs interface increases the reference counts of \u0027struct pid\u0027s\nfor targets from the \u0027target_ids\u0027 file write callback\n(\u0027dbgfs_target_ids_write()\u0027), but decreases the counts only in DAMON\nmonitoring termination callback (\u0027dbgfs_before_terminate()\u0027).\n\nTherefore, when \u0027target_ids\u0027 file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the \u0027struct pid\u0027 cannot be freed.  This commit\nfixes this issue by decreasing the reference counts when \u0027target_ids\u0027 is\nwritten.",
  "id": "GHSA-2hrm-9gxc-3c35",
  "modified": "2024-04-10T21:30:28Z",
  "published": "2024-02-27T12:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46937"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HVG-PFW9-R56C

Vulnerability from github – Published: 2022-05-24 00:00 – Updated: 2022-06-08 00:00
VLAI
Details

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-23T20:16:00Z",
    "severity": "CRITICAL"
  },
  "details": "Windows OS can be configured to overlay a \u201clanguage bar\u201d on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.",
  "id": "GHSA-2hvg-pfw9-r56c",
  "modified": "2022-06-08T00:00:59Z",
  "published": "2022-05-24T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1467"
    },
    {
      "type": "WEB",
      "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2JG4-F9F6-JF7M

Vulnerability from github – Published: 2022-07-24 00:00 – Updated: 2022-07-28 00:00
VLAI
Details

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-23T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
  "id": "GHSA-2jg4-f9f6-jf7m",
  "modified": "2022-07-28T00:00:48Z",
  "published": "2022-07-24T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1146"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1290150"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PH8-RH6H-6GPC

Vulnerability from github – Published: 2022-06-17 00:01 – Updated: 2022-06-28 00:00
VLAI
Details

CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-16T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.",
  "id": "GHSA-2ph8-rh6h-6gpc",
  "modified": "2022-06-28T00:00:44Z",
  "published": "2022-06-17T00:01:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33751"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PQP-X768-F3M2

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-21356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-06T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when \u0027name = \"file\" is deleted during file uploads.",
  "id": "GHSA-2pqp-x768-f3m2",
  "modified": "2022-05-24T19:10:22Z",
  "published": "2022-05-24T19:10:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21356"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PopojiCMS/PopojiCMS/issues/23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2QH6-HHVV-M2WW

Vulnerability from github – Published: 2022-07-28 00:00 – Updated: 2022-12-09 17:01
VLAI
Summary
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Details

HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file jenkins.plugins.http_request.HttpRequest.xml on the Jenkins controller as part of its configuration when using (deprecated) Basic/Digest Authentication. These passwords can be viewed by users with access to the Jenkins controller file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:http_request"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-36901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-10T18:30:41Z",
    "nvd_published_at": "2022-07-27T15:15:00Z",
    "severity": "LOW"
  },
  "details": "HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file `jenkins.plugins.http_request.HttpRequest.xml` on the Jenkins controller as part of its configuration when using (deprecated) Basic/Digest Authentication. These passwords can be viewed by users with access to the Jenkins controller file system.",
  "id": "GHSA-2qh6-hhvv-m2ww",
  "modified": "2022-12-09T17:01:35Z",
  "published": "2022-07-28T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36901"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/http-request-plugin/commit/a2cf3454a8752759b092c23cadc156dfd2943c42"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/http-request-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2053"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted"
}

GHSA-2RPQ-3585-P54F

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-07-13 00:01
VLAI
Details

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.",
  "id": "GHSA-2rpq-3585-p54f",
  "modified": "2022-07-13T00:01:13Z",
  "published": "2022-05-24T19:04:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27621"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3023299"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2RQG-GJGV-84JM

Vulnerability from github – Published: 2026-03-13 20:55 – Updated: 2026-03-13 20:55
VLAI
Summary
OpenClaw: Gateway `agent` calls could override the workspace boundary
Details

Summary

The public gateway agent RPC allowed an authenticated operator with operator.write to supply attacker-controlled spawnedBy and workspaceDir values. That let the caller re-root the agent run outside its configured workspace boundary.

Impact

A non-owner operator could escape the intended workspace boundary and run normal file and exec tools from an arbitrary process-accessible directory.

Affected versions

openclaw <= 2026.3.8

Patch

Fixed in openclaw 2026.3.11 and included in later releases such as 2026.3.12. The gateway now enforces the configured workspace boundary for agent runs regardless of caller-supplied overrides.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.8"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-13T20:55:30Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe public gateway `agent` RPC allowed an authenticated operator with `operator.write` to supply attacker-controlled `spawnedBy` and `workspaceDir` values. That let the caller re-root the agent run outside its configured workspace boundary.\n\n### Impact\n\nA non-owner operator could escape the intended workspace boundary and run normal file and exec tools from an arbitrary process-accessible directory.\n\n### Affected versions\n\n`openclaw` `\u003c= 2026.3.8`\n\n### Patch\n\nFixed in `openclaw` `2026.3.11` and included in later releases such as `2026.3.12`. The gateway now enforces the configured workspace boundary for agent runs regardless of caller-supplied overrides.",
  "id": "GHSA-2rqg-gjgv-84jm",
  "modified": "2026-03-13T20:55:30Z",
  "published": "2026-03-13T20:55:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw: Gateway `agent` calls could override the workspace boundary"
}

GHSA-2V37-RF3R-PC63

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-07-13 00:01
VLAI
Details

Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.",
  "id": "GHSA-2v37-rf3r-pc63",
  "modified": "2022-07-13T00:01:13Z",
  "published": "2022-05-24T19:04:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27637"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3049879"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2VC5-R994-6G7M

Vulnerability from github – Published: 2022-02-02 00:01 – Updated: 2022-02-05 00:00
VLAI
Details

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-01T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.",
  "id": "GHSA-2vc5-r994-6g7m",
  "modified": "2022-02-05T00:00:46Z",
  "published": "2022-02-02T00:01:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24868"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/45a43927-a427-46bc-9c61-e0b8532c8138"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.