CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1248 vulnerabilities reference this CWE, most recent first.
GHSA-3VCW-92X2-JJG4
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-10-27 19:00A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
{
"affected": [],
"aliases": [
"CVE-2021-34761"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.",
"id": "GHSA-3vcw-92x2-jjg4",
"modified": "2022-10-27T19:00:30Z",
"published": "2022-05-24T19:18:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34761"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-write-SHVcmQVc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VX3-XF6Q-R5XP
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2024-04-18 17:08While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.0.M17"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.0.M18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.5.12"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.41"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.42"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.0.75"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.76"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.0.M17"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.0.M18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.5.12"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.41"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.42"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.0.75"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.76"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-5648"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-01T13:57:54Z",
"nvd_published_at": "2017-04-17T16:59:00Z",
"severity": "CRITICAL"
},
"details": "While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.",
"id": "GHSA-3vx3-xf6q-r5xp",
"modified": "2024-04-18T17:08:33Z",
"published": "2022-05-13T01:25:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5648"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180614-0001"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1809"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3842"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3843"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/20/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of Resource to Wrong Sphere in Apache Tomcat"
}
GHSA-3W4F-P666-HMHQ
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:01In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508
{
"affected": [],
"aliases": [
"CVE-2021-0982"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "LOW"
},
"details": "In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508",
"id": "GHSA-3w4f-p666-hmhq",
"modified": "2022-07-13T00:01:00Z",
"published": "2021-12-16T00:01:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0982"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3W5H-X4RH-HC28
Vulnerability from github – Published: 2021-11-23 18:18 – Updated: 2023-11-15 18:14In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.ozone:ozone-main"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39231"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-22T18:38:38Z",
"nvd_published_at": "2021-11-19T10:15:00Z",
"severity": "CRITICAL"
},
"details": "In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.",
"id": "GHSA-3w5h-x4rh-hc28",
"modified": "2023-11-15T18:14:28Z",
"published": "2021-11-23T18:18:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39231"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/ozone"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/11/19/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of sensitive information in Apache Ozone"
}
GHSA-3WQ5-3F56-V5XC
Vulnerability from github – Published: 2023-03-31 12:30 – Updated: 2025-07-25 15:16Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.7.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server/v6"
},
"ranges": [
{
"events": [
{
"introduced": "6.3.0"
},
{
"fixed": "7.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "7.8.0"
},
{
"fixed": "7.8.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.8.0"
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.7.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "7.7.0"
},
{
"fixed": "7.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.1.5"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "7.1.0"
},
{
"fixed": "7.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server/v6"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0-20211025164829-f7a8147b825c"
},
{
"fixed": "6.0.0-20230301145909-10be118d99a5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.1-0.20211025164829-f7a8147b825c"
},
{
"fixed": "1.4.1-0.20230301145909-10be118d99a5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1777"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-07T21:02:25Z",
"nvd_published_at": "2023-03-31T12:15:00Z",
"severity": "MODERATE"
},
"details": "Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.",
"id": "GHSA-3wq5-3f56-v5xc",
"modified": "2025-07-25T15:16:21Z",
"published": "2023-03-31T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1777"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
},
{
"type": "PACKAGE",
"url": "github.com/mattermost/mattermost-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost vulnerable to information disclosure"
}
GHSA-3X39-73Q9-W8R6
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-07-13 00:01Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-21210"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-26T17:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.",
"id": "GHSA-3x39-73q9-w8r6",
"modified": "2022-07-13T00:01:07Z",
"published": "2022-05-24T17:48:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21210"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1184562"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3X46-HG82-953F
Vulnerability from github – Published: 2022-07-09 00:00 – Updated: 2022-07-17 00:00A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect.
{
"affected": [],
"aliases": [
"CVE-2022-35406"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-08T16:15:00Z",
"severity": "MODERATE"
},
"details": "A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect.",
"id": "GHSA-3x46-hg82-953f",
"modified": "2022-07-17T00:00:48Z",
"published": "2022-07-09T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35406"
},
{
"type": "WEB",
"url": "https://portswigger.net/burp/releases/professional-community-2022-6?requestededition=professional"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3X8W-4F7P-XXC2
Vulnerability from github – Published: 2026-05-08 19:44 – Updated: 2026-05-15 23:52Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
Affected Component
Tool server and terminal server Redis cache:
- backend/open_webui/utils/tools.py (line 841, tool_servers SET)
- backend/open_webui/utils/tools.py (line 850, tool_servers GET)
- backend/open_webui/utils/tools.py (line 976, terminal_servers SET)
- backend/open_webui/utils/tools.py (line 986, terminal_servers GET)
Affected Versions
Current main branch (commit 6fdd19bf1) and likely all versions since the tool server / terminal server Redis cache was introduced.
Description
Open WebUI uses a REDIS_KEY_PREFIX (default open-webui) to namespace Redis keys, allowing multiple instances to safely share a single Redis backend. Every Redis key in the codebase uses this prefix — except the tool_servers and terminal_servers keys in utils/tools.py, which use bare key names.
When two or more Open WebUI instances share a Redis database (a supported and documented deployment pattern, e.g., for multi-region deployments, blue-green setups, or cluster topologies), the unprefixed keys collide. An admin on Instance A writing to tool_servers overwrites the value read by Instance B — causing Instance B's users to receive Instance A's tool server configuration.
# utils/tools.py — unprefixed keys (problem)
await request.app.state.redis.set('tool_servers', ...) # line 841
json.loads(await request.app.state.redis.get('tool_servers')) # line 850
await request.app.state.redis.set('terminal_servers', ...) # line 976
json.loads(await request.app.state.redis.get('terminal_servers')) # line 986
# Every other Redis key in the codebase — prefixed (correct pattern)
f'{REDIS_KEY_PREFIX}:auth:token:{jti}:revoked'
f'{REDIS_KEY_PREFIX}:ratelimit:{email}:{bucket}'
f'{REDIS_KEY_PREFIX}:tasks:commands'
Attack Scenario
Two Open WebUI instances (A and B) share a Redis backend — a supported deployment for multi-region setups, blue-green deployments, or hot-standby. Both instances have their own admin accounts; the shared Redis was chosen for coordinated session handling, rate limiting, and task management.
- Attacker is an admin on Instance A (a legitimately provisioned admin, or one that escalated via any available path including the LDAP empty-password or stale-admin-role findings).
- Attacker on Instance A configures a tool server pointing to
https://attacker-controlled.example.com/openapi.json. This triggersutils/tools.py:841to write the new tool server list under the bare keytool_servers. - Instance B's users query tools. Instance B reads from
tool_servers(line 850) — gets Instance A's poisoned list, which now includes the attacker's server alongside or instead of Instance B's legitimate tool servers. - Instance B's users invoke tools through the model's context. The attacker's server receives tool call payloads containing: chat content, user identity, OAuth tokens scoped to the tool server (if the user has bound their external account), and in-flight conversation context.
- The attacker's server returns arbitrary tool responses, which are fed back into Instance B's LLM context as "trusted tool output" — enabling prompt injection, misinformation delivery, and further data exfiltration cascades.
The same cross-instance poisoning applies to terminal_servers.
Impact
- Cross-instance cache poisoning: an admin on one instance affects all users of another instance sharing the Redis backend
- Data exfiltration: tool call payloads contain chat content and user identity, delivered to the attacker's server
- Prompt injection delivery: attacker-returned tool responses enter the victim instance's LLM context as trusted data
- Undermines the multi-instance isolation guarantee that
REDIS_KEY_PREFIXwas introduced to provide - Silent failure mode: no error is raised; the victim instance sees a valid, signed cache entry and has no way to detect it came from a different instance
Preconditions
- Multiple Open WebUI instances share a single Redis backend (a supported and documented deployment)
- Attacker has admin access on one of the instances (or escalates to admin via any available path)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.8.12"
},
"package": {
"ecosystem": "PyPI",
"name": "open-webui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44552"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T19:44:40Z",
"nvd_published_at": "2026-05-15T20:16:46Z",
"severity": "HIGH"
},
"details": "# Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning\n\n## Affected Component\n\nTool server and terminal server Redis cache:\n- `backend/open_webui/utils/tools.py` (line 841, tool_servers SET)\n- `backend/open_webui/utils/tools.py` (line 850, tool_servers GET)\n- `backend/open_webui/utils/tools.py` (line 976, terminal_servers SET)\n- `backend/open_webui/utils/tools.py` (line 986, terminal_servers GET)\n\n## Affected Versions\n\nCurrent main branch (commit `6fdd19bf1`) and likely all versions since the tool server / terminal server Redis cache was introduced.\n\n## Description\n\nOpen WebUI uses a `REDIS_KEY_PREFIX` (default `open-webui`) to namespace Redis keys, allowing multiple instances to safely share a single Redis backend. Every Redis key in the codebase uses this prefix \u2014 except the `tool_servers` and `terminal_servers` keys in `utils/tools.py`, which use bare key names.\n\nWhen two or more Open WebUI instances share a Redis database (a supported and documented deployment pattern, e.g., for multi-region deployments, blue-green setups, or cluster topologies), the unprefixed keys collide. An admin on Instance A writing to `tool_servers` overwrites the value read by Instance B \u2014 causing Instance B\u0027s users to receive Instance A\u0027s tool server configuration.\n\n```python\n# utils/tools.py \u2014 unprefixed keys (problem)\nawait request.app.state.redis.set(\u0027tool_servers\u0027, ...) # line 841\njson.loads(await request.app.state.redis.get(\u0027tool_servers\u0027)) # line 850\nawait request.app.state.redis.set(\u0027terminal_servers\u0027, ...) # line 976\njson.loads(await request.app.state.redis.get(\u0027terminal_servers\u0027)) # line 986\n\n# Every other Redis key in the codebase \u2014 prefixed (correct pattern)\nf\u0027{REDIS_KEY_PREFIX}:auth:token:{jti}:revoked\u0027\nf\u0027{REDIS_KEY_PREFIX}:ratelimit:{email}:{bucket}\u0027\nf\u0027{REDIS_KEY_PREFIX}:tasks:commands\u0027\n```\n\n## Attack Scenario\n\nTwo Open WebUI instances (A and B) share a Redis backend \u2014 a supported deployment for multi-region setups, blue-green deployments, or hot-standby. Both instances have their own admin accounts; the shared Redis was chosen for coordinated session handling, rate limiting, and task management.\n\n1. Attacker is an admin on Instance A (a legitimately provisioned admin, or one that escalated via any available path including the LDAP empty-password or stale-admin-role findings).\n2. Attacker on Instance A configures a tool server pointing to `https://attacker-controlled.example.com/openapi.json`. This triggers `utils/tools.py:841` to write the new tool server list under the bare key `tool_servers`.\n3. Instance B\u0027s users query tools. Instance B reads from `tool_servers` (line 850) \u2014 gets Instance A\u0027s poisoned list, which now includes the attacker\u0027s server alongside or instead of Instance B\u0027s legitimate tool servers.\n4. Instance B\u0027s users invoke tools through the model\u0027s context. The attacker\u0027s server receives tool call payloads containing: chat content, user identity, OAuth tokens scoped to the tool server (if the user has bound their external account), and in-flight conversation context.\n5. The attacker\u0027s server returns arbitrary tool responses, which are fed back into Instance B\u0027s LLM context as \"trusted tool output\" \u2014 enabling prompt injection, misinformation delivery, and further data exfiltration cascades.\n\nThe same cross-instance poisoning applies to `terminal_servers`.\n\n## Impact\n\n- Cross-instance cache poisoning: an admin on one instance affects all users of another instance sharing the Redis backend\n- Data exfiltration: tool call payloads contain chat content and user identity, delivered to the attacker\u0027s server\n- Prompt injection delivery: attacker-returned tool responses enter the victim instance\u0027s LLM context as trusted data\n- Undermines the multi-instance isolation guarantee that `REDIS_KEY_PREFIX` was introduced to provide\n- Silent failure mode: no error is raised; the victim instance sees a valid, signed cache entry and has no way to detect it came from a different instance\n\n## Preconditions\n\n- Multiple Open WebUI instances share a single Redis backend (a supported and documented deployment)\n- Attacker has admin access on one of the instances (or escalates to admin via any available path)",
"id": "GHSA-3x8w-4f7p-xxc2",
"modified": "2026-05-15T23:52:27Z",
"published": "2026-05-08T19:44:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-3x8w-4f7p-xxc2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44552"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-webui/open-webui"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning"
}
GHSA-423W-7XWV-VWQW
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-10-25 19:00An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
{
"affected": [],
"aliases": [
"CVE-2021-22549"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-08T14:15:00Z",
"severity": "HIGH"
},
"details": "An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c",
"id": "GHSA-423w-7xwv-vwqw",
"modified": "2022-10-25T19:00:31Z",
"published": "2022-05-24T19:04:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22549"
},
{
"type": "WEB",
"url": "https://github.com/google/asylo/commit/ecfcd0008b6f8f63c6fa3cc1b62fcd4a52f2c0ad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-42FH-PVVH-999X
Vulnerability from github – Published: 2025-04-16 15:33 – Updated: 2025-04-17 12:39Impact
This vulnerability impacts users of a subwiki of XWiki where Message Stream is enabled and use, if they configured their wiki to be closed by selecting "Prevent unregistered users to view pages" in the Administrations Rights.
The vulnerability is that any message sent in a subwiki to "everyone" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private.
Patches
This problem has not been patched and is not going to be patched in the future: Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore.
Workarounds
Message Stream is disabled by default, it's advised to keep it disabled from Administration > Social > Message Stream.
References
- https://jira.xwiki.org/browse/XWIKI-17154
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-messagestream"
},
"ranges": [
{
"events": [
{
"introduced": "5.0"
},
{
"last_affected": "16.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32783"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-16T15:33:35Z",
"nvd_published_at": "2025-04-16T22:15:14Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThis vulnerability impacts users of a subwiki of XWiki where Message Stream is enabled and use, if they configured their wiki to be closed by selecting \"Prevent unregistered users to view pages\" in the Administrations Rights. \n\nThe vulnerability is that any message sent in a subwiki to \"everyone\" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private.\n\n### Patches\n\nThis problem has not been patched and is not going to be patched in the future: Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. \n\n### Workarounds\n\nMessage Stream is disabled by default, it\u0027s advised to keep it disabled from Administration \u003e Social \u003e Message Stream.\n\n### References\n\n * https://jira.xwiki.org/browse/XWIKI-17154",
"id": "GHSA-42fh-pvvh-999x",
"modified": "2025-04-17T12:39:18Z",
"published": "2025-04-16T15:33:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-42fh-pvvh-999x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32783"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-17154"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Unregistered users can see \"public\" messages from a closed wiki via notifications from a different wiki"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.