CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1248 vulnerabilities reference this CWE, most recent first.
GHSA-3FC3-XGJX-F77W
Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-01 00:00SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.
{
"affected": [],
"aliases": [
"CVE-2022-36226"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-26T00:15:00Z",
"severity": "HIGH"
},
"details": "SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.",
"id": "GHSA-3fc3-xgjx-f77w",
"modified": "2022-09-01T00:00:24Z",
"published": "2022-08-27T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36226"
},
{
"type": "WEB",
"url": "https://github.com/we1h0/SiteServer-CMS-Remote-download-Getshell"
},
{
"type": "WEB",
"url": "https://www.slpyue.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3FQC-QP8W-RR4H
Vulnerability from github – Published: 2022-04-29 00:00 – Updated: 2022-05-10 00:00A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.
{
"affected": [],
"aliases": [
"CVE-2022-22783"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-28T15:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.",
"id": "GHSA-3fqc-qp8w-rr4h",
"modified": "2022-05-10T00:00:34Z",
"published": "2022-04-29T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22783"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3FW2-3G64-5H2V
Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-14 00:00Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.
{
"affected": [],
"aliases": [
"CVE-2022-35837"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.",
"id": "GHSA-3fw2-3g64-5h2v",
"modified": "2022-09-14T00:00:44Z",
"published": "2022-09-14T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35837"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35837"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35837"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3H2X-CPJG-QQ3M
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.
{
"affected": [],
"aliases": [
"CVE-2017-18073"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-11T15:29:00Z",
"severity": "HIGH"
},
"details": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.",
"id": "GHSA-3h2x-cpjg-qq3m",
"modified": "2022-05-13T01:44:34Z",
"published": "2022-05-13T01:44:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18073"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3HVJ-CH28-P4X7
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-22 18:30VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys). The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Because the allocation size is not page-aligned, the mapping exposes the entire 0x1000-byte kernel page containing the buffer plus adjacent non-paged pool allocations with read/write permissions. An unprivileged local attacker can open a device handle (using the required 0x800 attribute flag), invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers present on that page. This enables bypass of KASLR, arbitrary kernel memory read/write within the exposed page, corruption of kernel objects, and escalation to SYSTEM.
{
"affected": [],
"aliases": [
"CVE-2026-23763"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:16:37Z",
"severity": "HIGH"
},
"details": "VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys). The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Because the allocation size is not page-aligned, the mapping exposes the entire 0x1000-byte kernel page containing the buffer plus adjacent non-paged pool allocations with read/write permissions. An unprivileged local attacker can open a device handle (using the required 0x800 attribute flag), invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers present on that page. This enables bypass of KASLR, arbitrary kernel memory read/write within the exposed page, corruption of kernel objects, and escalation to SYSTEM.",
"id": "GHSA-3hvj-ch28-p4x7",
"modified": "2026-01-22T18:30:41Z",
"published": "2026-01-22T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23763"
},
{
"type": "WEB",
"url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527"
},
{
"type": "WEB",
"url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574"
},
{
"type": "WEB",
"url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23763"
},
{
"type": "WEB",
"url": "https://vb-audio.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vb-audio-matrix-drivers-local-privilege-escalation-via-kernel-memory-exposure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3J7C-P7JW-Q87H
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:28cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
{
"affected": [],
"aliases": [
"CVE-2016-10840"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-01T16:15:00Z",
"severity": "HIGH"
},
"details": "cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).",
"id": "GHSA-3j7c-p7jw-q87h",
"modified": "2024-04-04T01:28:02Z",
"published": "2022-05-24T16:52:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10840"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/54+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3JX4-Q2M7-R496
Vulnerability from github – Published: 2026-03-04 19:21 – Updated: 2026-03-04 19:21Summary
In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.
By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only apply_patch checks).
Impact
- Confidentiality: out-of-workspace files could be read through in-workspace hardlink aliases.
- Integrity: out-of-workspace files could be modified through in-workspace hardlink aliases.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published version at triage time:
2026.2.24 - Affected range:
<= 2026.2.24 - Planned patched version:
2026.2.25
Fix Commit(s)
04d91d0319b82fd4de91ed05e9fc5219ff2ab64e(main)
Remediation
OpenClaw now rejects hardlinked final-file aliases during workspace boundary validation for:
- workspace-only path checks (read / write / edit)
- workspace-only apply_patch read/write paths
- sandbox mount-root path-safety checks
Regression tests were added for apply_patch, workspace fs tools, and sandbox fs bridge hardlink alias escapes.
OpenClaw thanks @tdjackey for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.2.24"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.25"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-04T19:21:04Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nIn certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.\n\nBy default, `tools.fs.workspaceOnly` is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only `apply_patch` checks).\n\n### Impact\n- Confidentiality: out-of-workspace files could be read through in-workspace hardlink aliases.\n- Integrity: out-of-workspace files could be modified through in-workspace hardlink aliases.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version at triage time: `2026.2.24`\n- Affected range: `\u003c= 2026.2.24`\n- Planned patched version: `2026.2.25`\n\n### Fix Commit(s)\n- `04d91d0319b82fd4de91ed05e9fc5219ff2ab64e` (main)\n\n### Remediation\nOpenClaw now rejects hardlinked final-file aliases during workspace boundary validation for:\n- workspace-only path checks (`read` / `write` / `edit`)\n- workspace-only `apply_patch` read/write paths\n- sandbox mount-root path-safety checks\n\nRegression tests were added for `apply_patch`, workspace fs tools, and sandbox fs bridge hardlink alias escapes.\n\nOpenClaw thanks @tdjackey for reporting.",
"id": "GHSA-3jx4-q2m7-r496",
"modified": "2026-03-04T19:21:04Z",
"published": "2026-03-04T19:21:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations"
}
GHSA-3M9Q-9522-7FX6
Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
{
"affected": [],
"aliases": [
"CVE-2022-33699"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T14:15:00Z",
"severity": "LOW"
},
"details": "Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.",
"id": "GHSA-3m9q-9522-7fx6",
"modified": "2022-07-17T00:00:45Z",
"published": "2022-07-13T00:01:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33699"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3MP9-X5Q5-63W3
Vulnerability from github – Published: 2022-10-28 19:00 – Updated: 2022-10-28 19:00An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
{
"affected": [],
"aliases": [
"CVE-2022-2882"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-28T15:15:00Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration\u0027s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.",
"id": "GHSA-3mp9-x5q5-63w3",
"modified": "2022-10-28T19:00:30Z",
"published": "2022-10-28T19:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2882"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1656722"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/371082"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3P22-GHQ8-V749
Vulnerability from github – Published: 2022-03-22 18:49 – Updated: 2022-03-22 18:49Impact
This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.
All current stable versions of Electron are affected.
Patches
This has been patched and the following Electron versions contain the fix:
* 17.0.0-alpha.6
* 16.0.6
* 15.3.5
* 14.2.4
* 13.6.6
Workarounds
Adding this code to your app can workaround the issue.
app.on('web-contents-created', (event, webContents) => {
webContents.on('select-bluetooth-device', (event, devices, callback) => {
// Prevent default behavior
event.preventDefault();
// Cancel the request
callback('');
});
});
For more information If you have any questions or comments about this advisory, email us at security@electronjs.org.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.6.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "14.0.0-beta.1"
},
{
"fixed": "14.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "15.0.0-beta.1"
},
{
"fixed": "15.3.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "16.0.0-beta.1"
},
{
"fixed": "16.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 17.0.0-alpha.5"
},
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "17.0.0-alpha.1"
},
{
"fixed": "17.0.0-alpha.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21718"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-22T18:49:36Z",
"nvd_published_at": "2022-03-22T17:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThis vulnerability allows renderers to obtain access to a random bluetooth device via the [web bluetooth API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API) if the app has not configured a custom `select-bluetooth-device` event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.\n\nAll current stable versions of Electron are affected.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n* `17.0.0-alpha.6`\n* `16.0.6`\n* `15.3.5`\n* `14.2.4`\n* `13.6.6`\n\n### Workarounds\nAdding this code to your app can workaround the issue.\n\n```js\napp.on(\u0027web-contents-created\u0027, (event, webContents) =\u003e {\n webContents.on(\u0027select-bluetooth-device\u0027, (event, devices, callback) =\u003e {\n // Prevent default behavior\n event.preventDefault();\n // Cancel the request\n callback(\u0027\u0027);\n });\n});\n```\n\nFor more information\nIf you have any questions or comments about this advisory, email us at security@electronjs.org.",
"id": "GHSA-3p22-ghq8-v749",
"modified": "2022-03-22T18:49:36Z",
"published": "2022-03-22T18:49:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21718"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/pull/32178"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/pull/32240"
},
{
"type": "PACKAGE",
"url": "https://github.com/electron/electron"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Renderers can obtain access to random bluetooth device without permission in Electron"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.