CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-7VRG-482W-5MFQ
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104.
{
"affected": [],
"aliases": [
"CVE-2017-16593"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-23T01:29:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104.",
"id": "GHSA-7vrg-482w-5mfq",
"modified": "2022-05-13T01:37:24Z",
"published": "2022-05-13T01:37:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16593"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-958"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7VXG-F9RP-JRR5
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-10-25 19:00An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.
{
"affected": [],
"aliases": [
"CVE-2021-22869"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-24T18:15:00Z",
"severity": "CRITICAL"
},
"details": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.",
"id": "GHSA-7vxg-f9rp-jrr5",
"modified": "2022-10-25T19:00:34Z",
"published": "2022-05-24T19:15:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22869"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7W77-5FQ4-867J
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1498"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T22:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-7w77-5fq4-867j",
"modified": "2022-07-29T00:00:24Z",
"published": "2022-07-27T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1498"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1297138"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7WG4-8M5P-HRFG
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2023-05-22 18:33HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/nomad"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-3866"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-10T23:51:44Z",
"nvd_published_at": "2022-11-10T06:15:00Z",
"severity": "MODERATE"
},
"details": "HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under `nomad/` that belong to other jobs in the same namespace. Fixed in 1.4.2.",
"id": "GHSA-7wg4-8m5p-hrfg",
"modified": "2023-05-22T18:33:41Z",
"published": "2022-11-10T12:01:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3866"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/commit/3b24f26603e2b116ba324101afa8a7e3a7a769a5"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/nomad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "HashiCorp Nomad vulnerable to non-sensitive metadata exposure"
}
GHSA-7WHC-54GW-FXFM
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2023-11-24 09:30Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2022-38087"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:13Z",
"severity": "MODERATE"
},
"details": "Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
"id": "GHSA-7whc-54gw-fxfm",
"modified": "2023-11-24T09:30:28Z",
"published": "2023-05-10T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38087"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231124-0006"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7WPH-75G6-R67W
Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-15 00:00Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
{
"affected": [],
"aliases": [
"CVE-2022-30746"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-668",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-07T19:15:00Z",
"severity": "HIGH"
},
"details": "Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.",
"id": "GHSA-7wph-75g6-r67w",
"modified": "2022-06-15T00:00:23Z",
"published": "2022-06-08T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30746"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7XJ5-7PQH-PPG7
Vulnerability from github – Published: 2023-09-19 00:30 – Updated: 2024-04-04 07:43An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
{
"affected": [],
"aliases": [
"CVE-2023-39046"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-18T22:15:46Z",
"severity": "MODERATE"
},
"details": "An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.",
"id": "GHSA-7xj5-7pqh-ppg7",
"modified": "2024-04-04T07:43:30Z",
"published": "2023-09-19T00:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39046"
},
{
"type": "WEB",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39046.md"
},
{
"type": "WEB",
"url": "http://tonton-teiwaiting.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-82G9-H5X7-73W7
Vulnerability from github – Published: 2022-12-01 21:30 – Updated: 2022-12-06 18:30IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.
{
"affected": [],
"aliases": [
"CVE-2022-43901"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-01T19:15:00Z",
"severity": "MODERATE"
},
"details": "IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.",
"id": "GHSA-82g9-h5x7-73w7",
"modified": "2022-12-06T18:30:18Z",
"published": "2022-12-01T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43901"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240829"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6842605"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-82R6-6MQQ-4V58
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.
{
"affected": [],
"aliases": [
"CVE-2018-16494"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T19:15:00Z",
"severity": "HIGH"
},
"details": "In VOS and overly permissive \"umask\" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.",
"id": "GHSA-82r6-6mqq-4v58",
"modified": "2022-05-24T19:03:19Z",
"published": "2022-05-24T19:03:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16494"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1168191"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8356-CCJQ-RWHV
Vulnerability from github – Published: 2022-09-21 00:00 – Updated: 2022-09-23 00:00A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.
{
"affected": [],
"aliases": [
"CVE-2022-32883"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-20T21:15:00Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.",
"id": "GHSA-8356-ccjq-rwhv",
"modified": "2022-09-23T00:00:38Z",
"published": "2022-09-21T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32883"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213443"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213444"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213445"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213446"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213486"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/39"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/40"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/43"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/45"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/49"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.