Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1248 vulnerabilities reference this CWE, most recent first.

GHSA-66CJ-3Q7R-633R

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-05-22 21:30
VLAI
Details

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34723"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.",
  "id": "GHSA-66cj-3q7r-633r",
  "modified": "2023-05-22T21:30:22Z",
  "published": "2022-05-24T19:15:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34723"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-66RX-5XF7-QHWQ

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-07-13 00:01
VLAI
Details

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-08T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.",
  "id": "GHSA-66rx-5xf7-qhwq",
  "modified": "2022-07-13T00:01:34Z",
  "published": "2022-05-24T19:17:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37967"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1243622"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-672P-3JRH-HX97

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-07-13 00:00
VLAI
Details

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-174493336

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-174493336",
  "id": "GHSA-672p-3jrh-hx97",
  "modified": "2022-07-13T00:00:59Z",
  "published": "2022-05-24T19:05:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0480"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-05-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67J3-JMM3-32XC

Vulnerability from github – Published: 2026-05-19 12:31 – Updated: 2026-06-29 17:31
VLAI
Summary
TYPO3 ke_search path traversal from arbitrary table configuration input
Details

In TYPO3 faceted fulltext search (ke_search), theadditional_tables configuration of the page and tt_content indexers accept arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index. This has been patched in versions 7.0.1, 6.6.1, 5.6.2 and 4.6.7.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "tpwd/ke_search"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "tpwd/ke_search"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "tpwd/ke_search"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "tpwd/ke_search"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46723"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-29T17:31:54Z",
    "nvd_published_at": "2026-05-19T10:16:25Z",
    "severity": "MODERATE"
  },
  "details": "In TYPO3 faceted fulltext search (`ke_search`), the`additional_tables` configuration of the page and `tt_content` indexers accept arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index. This has been patched in versions 7.0.1, 6.6.1, 5.6.2 and 4.6.7.",
  "id": "GHSA-67j3-jmm3-32xc",
  "modified": "2026-06-29T17:31:54Z",
  "published": "2026-05-19T12:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46723"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/tpwd/ke_search/CVE-2026-46723.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tpwd/ke_search"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "TYPO3 ke_search path traversal from arbitrary table configuration input"
}

GHSA-686W-6G2Q-XQQM

Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2023-06-29 06:30
VLAI
Details

Microsoft Power BI Information Disclosure Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Power BI Information Disclosure Vulnerability.",
  "id": "GHSA-686w-6g2q-xqqm",
  "modified": "2023-06-29T06:30:17Z",
  "published": "2022-02-10T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23254"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23254"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-689R-WHJG-RX75

Vulnerability from github – Published: 2023-08-17 21:30 – Updated: 2024-04-04 07:02
VLAI
Details

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-17T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.",
  "id": "GHSA-689r-whjg-rx75",
  "modified": "2024-04-04T07:02:27Z",
  "published": "2023-08-17T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39974"
    },
    {
      "type": "WEB",
      "url": "https://extensions.joomla.org/extension/acymailing-starter"
    },
    {
      "type": "WEB",
      "url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-68FR-5M4M-3JV8

Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08
VLAI
Details

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-14T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.",
  "id": "GHSA-68fr-5m4m-3jv8",
  "modified": "2024-04-04T06:08:28Z",
  "published": "2023-07-14T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32760"
    },
    {
      "type": "WEB",
      "url": "https://www.archerirm.community/t5/product-advisories/archer-announces-availability-of-archer-release-6-13/ta-p/697821"
    },
    {
      "type": "WEB",
      "url": "https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-68W8-Q32V-4G44

Vulnerability from github – Published: 2023-04-27 03:30 – Updated: 2024-04-04 03:42
VLAI
Details

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-269",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-27T01:15:08Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.",
  "id": "GHSA-68w8-q32v-4g44",
  "modified": "2024-04-04T03:42:29Z",
  "published": "2023-04-27T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26243"
    },
    {
      "type": "WEB",
      "url": "https://sowhat.iit.cnr.it"
    },
    {
      "type": "WEB",
      "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera"
    },
    {
      "type": "WEB",
      "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69WP-XWM7-69WM

Vulnerability from github – Published: 2022-03-22 00:00 – Updated: 2022-04-01 13:50
VLAI
Summary
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
Details

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "topthink/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "5.0.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-25481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-01T13:50:10Z",
    "nvd_published_at": "2022-03-21T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.",
  "id": "GHSA-69wp-xwm7-69wm",
  "modified": "2022-04-01T13:50:10Z",
  "published": "2022-03-22T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25481"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/top-think/framework"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Resource to Wrong Sphere in ThinkPHP Framework"
}

GHSA-6C4R-G249-WV3C

Vulnerability from github – Published: 2026-07-02 17:06 – Updated: 2026-07-02 17:06
VLAI
Summary
OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts
Details

Summary

Sandboxed session spawn could expose the real workspace path to child prompts. In affected versions, a child session spawned from a sandboxed parent could forward the host workspace path into the child session prompt.

This advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.

Impact

When the affected feature is enabled and reachable, this could reveal host workspace location or related memory context to the child model. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path.

Patched Versions

The first stable patched version is 2026.4.26.

Mitigations

avoid spawning child sessions from sensitive sandboxed workspaces until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.4.25"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T17:06:10Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nSandboxed session spawn could expose the real workspace path to child prompts. In affected versions, a child session spawned from a sandboxed parent could forward the host workspace path into the child session prompt.\n\nThis advisory is scoped to the named feature and configuration. It does not change OpenClaw\u0027s trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.\n\n### Impact\n\nWhen the affected feature is enabled and reachable, this could reveal host workspace location or related memory context to the child model. Practical impact depends on the operator\u0027s configuration and whether lower-trust input can reach that path.\n\n### Patched Versions\n\nThe first stable patched version is `2026.4.26`.\n\n### Mitigations\n\navoid spawning child sessions from sensitive sandboxed workspaces until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.",
  "id": "GHSA-6c4r-g249-wv3c",
  "modified": "2026-07-02T17:06:10Z",
  "published": "2026-07-02T17:06:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.