Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-7MVW-H642-VQV7

Vulnerability from github – Published: 2022-05-11 00:00 – Updated: 2025-01-02 21:31
VLAI
Details

Windows NTFS Information Disclosure Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-10T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows NTFS Information Disclosure Vulnerability.",
  "id": "GHSA-7mvw-h642-vqv7",
  "modified": "2025-01-02T21:31:32Z",
  "published": "2022-05-11T00:00:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26933"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26933"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26933"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7P22-9F27-W6FQ

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03
VLAI
Details

A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.",
  "id": "GHSA-7p22-9f27-w6fq",
  "modified": "2022-04-23T00:03:12Z",
  "published": "2022-04-16T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27257"
    },
    {
      "type": "WEB",
      "url": "https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a"
    },
    {
      "type": "WEB",
      "url": "https://hubzilla.org/channel/hubzilla"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7R3Q-QX4P-Q5JF

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-07-13 00:01
VLAI
Details

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-7r3q-qx4p-q5jf",
  "modified": "2022-07-13T00:01:02Z",
  "published": "2022-05-24T19:13:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1929"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7RHX-X8P4-75C7

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-16T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka \"Drag and Drop Information Disclosure Vulnerability.\"",
  "id": "GHSA-7rhx-x8p4-75c7",
  "modified": "2022-05-13T01:03:28Z",
  "published": "2022-05-13T01:03:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1258"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7V4X-V824-898C

Vulnerability from github – Published: 2022-07-18 00:00 – Updated: 2022-07-26 00:00
VLAI
Details

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-17T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.",
  "id": "GHSA-7v4x-v824-898c",
  "modified": "2022-07-26T00:00:28Z",
  "published": "2022-07-18T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31260"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md"
    },
    {
      "type": "WEB",
      "url": "https://www.resourcespace.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7V5M-29MQ-3XQ4

Vulnerability from github – Published: 2022-05-08 00:00 – Updated: 2022-05-18 00:00
VLAI
Details

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-07T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises \"Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser.\"",
  "id": "GHSA-7v5m-29mq-3xq4",
  "modified": "2022-05-18T00:00:35Z",
  "published": "2022-05-08T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30334"
    },
    {
      "type": "WEB",
      "url": "https://github.com/brave/brave-browser/issues/18071"
    },
    {
      "type": "WEB",
      "url": "https://github.com/brave/brave-core/pull/10760"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1337624"
    },
    {
      "type": "WEB",
      "url": "https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7V5M-MJHX-X6GC

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-21T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.",
  "id": "GHSA-7v5m-mjhx-x6gc",
  "modified": "2022-07-13T00:01:41Z",
  "published": "2022-05-24T19:18:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41790"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md"
    },
    {
      "type": "WEB",
      "url": "https://www.themissinglink.com.au"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7V89-WQR4-9X78

Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-04-19 18:30
VLAI
Details

Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-7v89-wqr4-9x78",
  "modified": "2023-04-19T18:30:58Z",
  "published": "2022-01-14T00:02:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30314"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VQG-R6CW-6W76

Vulnerability from github – Published: 2022-08-02 00:00 – Updated: 2022-08-06 00:00
VLAI
Details

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-01T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them",
  "id": "GHSA-7vqg-r6cw-6w76",
  "modified": "2022-08-06T00:00:49Z",
  "published": "2022-08-02T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2370"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VR7-CGHH-CH63

Vulnerability from github – Published: 2023-06-20 16:45 – Updated: 2023-06-20 16:45
VLAI
Summary
XWiki Platform may retrieve email addresses of all users
Details

Impact

The mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated: - the rest response was also containing the mail unobfuscated - user were able to filter and sort on the unobfuscated (allowing to infer the mail content)

The consequence was the possibility to retrieve the email addresses of all users even when obfuscated.

See https://jira.xwiki.org/browse/XWIKI-20333 for the reproduction steps.

Patches

This has been patched in XWiki 14.10.4, XWiki 14.4.8, and XWiki 15.0-rc-1.

Workarounds

The workaround is to modify the page XWiki.LiveTableResultsMacros following this patch.

References

https://jira.xwiki.org/browse/XWIKI-20333

For more information

If you have any questions or comments about this advisory:

Attribution

This vulnerability has been reported on Intigriti by @floerer

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-livetable-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.5-milestone-1"
            },
            {
              "fixed": "14.4.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-livetable-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.5"
            },
            {
              "fixed": "14.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-34467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-402",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-20T16:45:32Z",
    "nvd_published_at": "2023-06-23T17:15:09Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated:\n- the rest response was also containing the mail unobfuscated\n- user were able to filter and sort on the unobfuscated (allowing to infer the mail content)\n\nThe consequence was the possibility to retrieve the email addresses of all users even when obfuscated.\n\nSee https://jira.xwiki.org/browse/XWIKI-20333 for the reproduction steps.\n\n### Patches\nThis has been patched in XWiki 14.10.4, XWiki 14.4.8, and XWiki 15.0-rc-1.\n\n### Workarounds\nThe workaround is to modify the page `XWiki.LiveTableResultsMacros` following this [patch](https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a).\n\n### References\n\nhttps://jira.xwiki.org/browse/XWIKI-20333\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n*    Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n*    Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThis vulnerability has been reported on Intigriti by @floerer",
  "id": "GHSA-7vr7-cghh-ch63",
  "modified": "2023-06-20T16:45:32Z",
  "published": "2023-06-20T16:45:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vr7-cghh-ch63"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34467"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XWiki Platform may retrieve email addresses of all users "
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.