CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1248 vulnerabilities reference this CWE, most recent first.
GHSA-2HRM-9GXC-3C35
Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 21:30In the Linux kernel, the following vulnerability has been resolved:
mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'
DAMON debugfs interface increases the reference counts of 'struct pid's for targets from the 'target_ids' file write callback ('dbgfs_target_ids_write()'), but decreases the counts only in DAMON monitoring termination callback ('dbgfs_before_terminate()').
Therefore, when 'target_ids' file is repeatedly written without DAMON monitoring start/termination, the reference count is not decreased and therefore memory for the 'struct pid' cannot be freed. This commit fixes this issue by decreasing the reference counts when 'target_ids' is written.
{
"affected": [],
"aliases": [
"CVE-2021-46937"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T10:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027\n\nDAMON debugfs interface increases the reference counts of \u0027struct pid\u0027s\nfor targets from the \u0027target_ids\u0027 file write callback\n(\u0027dbgfs_target_ids_write()\u0027), but decreases the counts only in DAMON\nmonitoring termination callback (\u0027dbgfs_before_terminate()\u0027).\n\nTherefore, when \u0027target_ids\u0027 file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the \u0027struct pid\u0027 cannot be freed. This commit\nfixes this issue by decreasing the reference counts when \u0027target_ids\u0027 is\nwritten.",
"id": "GHSA-2hrm-9gxc-3c35",
"modified": "2024-04-10T21:30:28Z",
"published": "2024-02-27T12:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46937"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2HVG-PFW9-R56C
Vulnerability from github – Published: 2022-05-24 00:00 – Updated: 2022-06-08 00:00Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.
{
"affected": [],
"aliases": [
"CVE-2022-1467"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-23T20:16:00Z",
"severity": "CRITICAL"
},
"details": "Windows OS can be configured to overlay a \u201clanguage bar\u201d on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.",
"id": "GHSA-2hvg-pfw9-r56c",
"modified": "2022-06-08T00:00:59Z",
"published": "2022-05-24T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1467"
},
{
"type": "WEB",
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2JG4-F9F6-JF7M
Vulnerability from github – Published: 2022-07-24 00:00 – Updated: 2022-07-28 00:00Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1146"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-23T00:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-2jg4-f9f6-jf7m",
"modified": "2022-07-28T00:00:48Z",
"published": "2022-07-24T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1146"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1290150"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2PH8-RH6H-6GPC
Vulnerability from github – Published: 2022-06-17 00:01 – Updated: 2022-06-28 00:00CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.
{
"affected": [],
"aliases": [
"CVE-2022-33751"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-16T22:15:00Z",
"severity": "HIGH"
},
"details": "CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.",
"id": "GHSA-2ph8-rh6h-6gpc",
"modified": "2022-06-28T00:00:44Z",
"published": "2022-06-17T00:01:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33751"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20629"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2PQP-X768-F3M2
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.
{
"affected": [],
"aliases": [
"CVE-2020-21356"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-06T23:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when \u0027name = \"file\" is deleted during file uploads.",
"id": "GHSA-2pqp-x768-f3m2",
"modified": "2022-05-24T19:10:22Z",
"published": "2022-05-24T19:10:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21356"
},
{
"type": "WEB",
"url": "https://github.com/PopojiCMS/PopojiCMS/issues/23"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2QH6-HHVV-M2WW
Vulnerability from github – Published: 2022-07-28 00:00 – Updated: 2022-12-09 17:01HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file jenkins.plugins.http_request.HttpRequest.xml on the Jenkins controller as part of its configuration when using (deprecated) Basic/Digest Authentication. These passwords can be viewed by users with access to the Jenkins controller file system.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:http_request"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36901"
],
"database_specific": {
"cwe_ids": [
"CWE-256",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-10T18:30:41Z",
"nvd_published_at": "2022-07-27T15:15:00Z",
"severity": "LOW"
},
"details": "HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file `jenkins.plugins.http_request.HttpRequest.xml` on the Jenkins controller as part of its configuration when using (deprecated) Basic/Digest Authentication. These passwords can be viewed by users with access to the Jenkins controller file system.",
"id": "GHSA-2qh6-hhvv-m2ww",
"modified": "2022-12-09T17:01:35Z",
"published": "2022-07-28T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36901"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/http-request-plugin/commit/a2cf3454a8752759b092c23cadc156dfd2943c42"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/http-request-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2053"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted"
}
GHSA-2RPQ-3585-P54F
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-07-13 00:01Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.
{
"affected": [],
"aliases": [
"CVE-2021-27621"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T14:15:00Z",
"severity": "MODERATE"
},
"details": "Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.",
"id": "GHSA-2rpq-3585-p54f",
"modified": "2022-07-13T00:01:13Z",
"published": "2022-05-24T19:04:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27621"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3023299"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2RQG-GJGV-84JM
Vulnerability from github – Published: 2026-03-13 20:55 – Updated: 2026-03-13 20:55Summary
The public gateway agent RPC allowed an authenticated operator with operator.write to supply attacker-controlled spawnedBy and workspaceDir values. That let the caller re-root the agent run outside its configured workspace boundary.
Impact
A non-owner operator could escape the intended workspace boundary and run normal file and exec tools from an arbitrary process-accessible directory.
Affected versions
openclaw <= 2026.3.8
Patch
Fixed in openclaw 2026.3.11 and included in later releases such as 2026.3.12. The gateway now enforces the configured workspace boundary for agent runs regardless of caller-supplied overrides.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.8"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-13T20:55:30Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe public gateway `agent` RPC allowed an authenticated operator with `operator.write` to supply attacker-controlled `spawnedBy` and `workspaceDir` values. That let the caller re-root the agent run outside its configured workspace boundary.\n\n### Impact\n\nA non-owner operator could escape the intended workspace boundary and run normal file and exec tools from an arbitrary process-accessible directory.\n\n### Affected versions\n\n`openclaw` `\u003c= 2026.3.8`\n\n### Patch\n\nFixed in `openclaw` `2026.3.11` and included in later releases such as `2026.3.12`. The gateway now enforces the configured workspace boundary for agent runs regardless of caller-supplied overrides.",
"id": "GHSA-2rqg-gjgv-84jm",
"modified": "2026-03-13T20:55:30Z",
"published": "2026-03-13T20:55:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw: Gateway `agent` calls could override the workspace boundary"
}
GHSA-2V37-RF3R-PC63
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-07-13 00:01Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2021-27637"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T14:15:00Z",
"severity": "MODERATE"
},
"details": "Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.",
"id": "GHSA-2v37-rf3r-pc63",
"modified": "2022-07-13T00:01:13Z",
"published": "2022-05-24T19:04:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27637"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3049879"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2VC5-R994-6G7M
Vulnerability from github – Published: 2022-02-02 00:01 – Updated: 2022-02-05 00:00The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.
{
"affected": [],
"aliases": [
"CVE-2021-24868"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-01T13:15:00Z",
"severity": "MODERATE"
},
"details": "The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.",
"id": "GHSA-2vc5-r994-6g7m",
"modified": "2022-02-05T00:00:46Z",
"published": "2022-02-02T00:01:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24868"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/45a43927-a427-46bc-9c61-e0b8532c8138"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.