CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-77G3-3J5W-64W4
Vulnerability from github – Published: 2021-04-07 20:36 – Updated: 2024-09-06 20:16A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0a1"
},
{
"fixed": "2.7.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0a1"
},
{
"fixed": "2.8.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0a1"
},
{
"fixed": "2.9.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-10685"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-459",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-05T14:11:30Z",
"nvd_published_at": "2020-05-11T14:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.",
"id": "GHSA-77g3-3j5w-64w4",
"modified": "2024-09-06T20:16:43Z",
"published": "2021-04-07T20:36:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10685"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/pull/68433"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/4e1fe80e681fa466626e9dea53efe6b0253ea1b2"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/51d2514753544a9d58cd7524e27e696b2c944fb5"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/e1273b6faf036ed84e4f4edee85b888a4e256aee"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-77g3-3j5w-64w4"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-1.yaml"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-11"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible"
}
GHSA-785W-VJ78-P44X
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2026-07-05 03:30Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.
{
"affected": [],
"aliases": [
"CVE-2021-46354"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T14:15:00Z",
"severity": "HIGH"
},
"details": "Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter \"Addr\" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.",
"id": "GHSA-785w-vj78-p44x",
"modified": "2026-07-05T03:30:44Z",
"published": "2022-02-10T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46354"
},
{
"type": "WEB",
"url": "https://github.com/cybelesoft/virtualui/issues/3"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/166069/Thinfinity-VirtualUI-2.5.26.2-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "http://thinfinity.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-78XP-FCVC-XXJX
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.
{
"affected": [],
"aliases": [
"CVE-2019-15349"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-14T17:15:00Z",
"severity": "HIGH"
},
"details": "The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user\u0027s screen, factory reset the device, obtain the user\u0027s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\u0027s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user\u0027s Wi-Fi passwords, obtain the user\u0027s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user\u0027s text messages, and more.",
"id": "GHSA-78xp-fcvc-xxjx",
"modified": "2022-05-24T17:01:02Z",
"published": "2022-05-24T17:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15349"
},
{
"type": "WEB",
"url": "https://www.kryptowire.com/android-firmware-2019"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-79CC-R4HF-5PV4
Vulnerability from github – Published: 2024-02-27 09:31 – Updated: 2024-04-10 15:30In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: fix wq cleanup of WQCFG registers
A pre-release silicon erratum workaround where wq reset does not clear WQCFG registers was leaked into upstream code. Use wq reset command instead of blasting the MMIO region. This also address an issue where we clobber registers in future devices.
{
"affected": [],
"aliases": [
"CVE-2021-46917"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T07:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq cleanup of WQCFG registers\n\nA pre-release silicon erratum workaround where wq reset does not clear\nWQCFG registers was leaked into upstream code. Use wq reset command\ninstead of blasting the MMIO region. This also address an issue where\nwe clobber registers in future devices.",
"id": "GHSA-79cc-r4hf-5pv4",
"modified": "2024-04-10T15:30:31Z",
"published": "2024-02-27T09:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46917"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5eb9757fe4c2392e069246ae78badc573af1833"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7dc8f5619165e1fa3383d0c2519f502d9e2a1a9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-79JX-Q243-6WC7
Vulnerability from github – Published: 2023-10-31 12:30 – Updated: 2025-04-16 00:31An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.
{
"affected": [],
"aliases": [
"CVE-2023-38994"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-31T12:15:08Z",
"severity": "HIGH"
},
"details": "An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.",
"id": "GHSA-79jx-q243-6wc7",
"modified": "2025-04-16T00:31:29Z",
"published": "2023-10-31T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38994"
},
{
"type": "WEB",
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324"
},
{
"type": "WEB",
"url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0"
},
{
"type": "WEB",
"url": "https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html"
},
{
"type": "WEB",
"url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7CJ8-2M5J-CF56
Vulnerability from github – Published: 2023-11-13 18:30 – Updated: 2023-11-13 18:30Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
{
"affected": [],
"aliases": [
"CVE-2023-42547"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T08:15:21Z",
"severity": "MODERATE"
},
"details": "Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.",
"id": "GHSA-7cj8-2m5j-cf56",
"modified": "2023-11-13T18:30:59Z",
"published": "2023-11-13T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42547"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7CWM-FPFH-RRCH
Vulnerability from github – Published: 2026-05-29 18:22 – Updated: 2026-05-29 18:22Impact
The Ironic Standalone Operator (IRSO) is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 (all network interfaces) by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any host on adjacent networks. Deployments running IrSO v0.7.0 through v0.8.1 with the Prometheus exporter enabled are affected. Versions prior to v0.7.0 do not have the Prometheus exporter feature.
Patches
The exporter now exposes a configurable bindAddress field. Users should upgrade to v0.9.0 or later.
Workarounds
Users on older versions than v0.9.0 should use host-level firewall rules (iptables/nftables) to restrict access to the metrics port from unintended networks, or disable the metrics service.
Resources
- https://github.com/metal3-io/ironic-standalone-operator/pull/635
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/metal3-io/ironic-standalone-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-29T18:22:24Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Impact\n\nThe Ironic Standalone Operator (IRSO) is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 (all network interfaces) by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any host on adjacent networks. Deployments running IrSO v0.7.0 through v0.8.1 with the Prometheus exporter enabled are affected. Versions prior to v0.7.0 do not have the Prometheus exporter feature.\n\n## Patches\n\nThe exporter now exposes a configurable bindAddress field. Users should upgrade to v0.9.0 or later. \n\n## Workarounds\n\nUsers on older versions than v0.9.0 should use host-level firewall rules (iptables/nftables) to restrict access to the metrics port from unintended networks, or disable the metrics service.\n\n## Resources\n\n- https://github.com/metal3-io/ironic-standalone-operator/pull/635",
"id": "GHSA-7cwm-fpfh-rrch",
"modified": "2026-05-29T18:22:24Z",
"published": "2026-05-29T18:22:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/metal3-io/ironic-standalone-operator/security/advisories/GHSA-7cwm-fpfh-rrch"
},
{
"type": "WEB",
"url": "https://github.com/metal3-io/ironic-standalone-operator/pull/635"
},
{
"type": "PACKAGE",
"url": "https://github.com/metal3-io/ironic-standalone-operator"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Ironic Standalone Operator\u0027s prometheus metrics exporter bound to all interfaces"
}
GHSA-7FFC-HWFP-9XHQ
Vulnerability from github – Published: 2021-12-04 00:00 – Updated: 2022-10-29 12:00** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php.
{
"affected": [],
"aliases": [
"CVE-2021-43674"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-03T13:15:00Z",
"severity": "CRITICAL"
},
"details": "** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php.",
"id": "GHSA-7ffc-hwfp-9xhq",
"modified": "2022-10-29T12:00:31Z",
"published": "2021-12-04T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43674"
},
{
"type": "WEB",
"url": "https://github.com/ThinkUpLLC/ThinkUp/issues/2289"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7FH7-J5Q5-PV63
Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-12 00:00Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
{
"affected": [],
"aliases": [
"CVE-2022-28794"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-07T18:15:00Z",
"severity": "LOW"
},
"details": "Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.",
"id": "GHSA-7fh7-j5q5-pv63",
"modified": "2022-06-12T00:00:47Z",
"published": "2022-06-08T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28794"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7FQC-P256-7PWJ
Vulnerability from github – Published: 2026-07-02 20:31 – Updated: 2026-07-02 20:31Summary
The JWT signing key cache in TokenKeyResolver uses kid as the sole cache key without namespacing by authority. In applications with multiple JwtBearer schemes pointing to different identity providers, a key fetched for one scheme can satisfy token validation for another. Additionally, cached keys have no expiration, so rotated or revoked keys remain trusted until the application process restarts.
Impact
In multi-scheme deployments, an attacker who controls one identity provider's signing key can forge tokens accepted by other schemes within the same application. For all applications using TokenKeyResolver, a signing key removed from the identity provider's JWKS endpoint remains trusted indefinitely.
Mitigations
If an immediate upgrade is not possible:
- In multi-scheme deployments, configure only one
JwtBearerscheme per application when different identity providers are required. - Restart the application process after an identity provider signing key rotation to clear stale cached keys.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Security.Authentication.JwtBearer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Security.Authentication.OpenIdConnect"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Security.Authentication.CloudFoundryBase"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50202"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T20:31:47Z",
"nvd_published_at": "2026-06-17T23:17:04Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nThe JWT signing key cache in `TokenKeyResolver` uses `kid` as the sole cache key without namespacing by authority. In applications with multiple `JwtBearer` schemes pointing to different identity providers, a key fetched for one scheme can satisfy token validation for another. Additionally, cached keys have no expiration, so rotated or revoked keys remain trusted until the application process restarts.\n\n### Impact\n\nIn multi-scheme deployments, an attacker who controls one identity provider\u0027s signing key can forge tokens accepted by other schemes within the same application. For all applications using `TokenKeyResolver`, a signing key removed from the identity provider\u0027s JWKS endpoint remains trusted indefinitely.\n\n### Mitigations\n\nIf an immediate upgrade is not possible:\n\n- In multi-scheme deployments, configure only one `JwtBearer` scheme per application when different identity providers are required.\n- Restart the application process after an identity provider signing key rotation to clear stale cached keys.",
"id": "GHSA-7fqc-p256-7pwj",
"modified": "2026-07-02T20:31:47Z",
"published": "2026-07-02T20:31:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-7fqc-p256-7pwj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50202"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/04db2ace3b806bfe0260bb7d4bda340f241eff48"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/17b27b8be546ae3f83a2f6e91d45e0c84c5314b7"
},
{
"type": "PACKAGE",
"url": "https://github.com/SteeltoeOSS/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Steeltoe\u0027s static JWKS cache shared across schemes and never invalidated"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.