Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-C877-4H7H-XVP6

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01
VLAI
Details

A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-23T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers",
  "id": "GHSA-c877-4h7h-xvp6",
  "modified": "2022-07-13T00:01:09Z",
  "published": "2022-05-24T19:11:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22252"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1186135"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22252.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/330364"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8M7-C746-QXP6

Vulnerability from github – Published: 2023-05-22 18:30 – Updated: 2024-04-04 04:16
VLAI
Details

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33293"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-22T16:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version.",
  "id": "GHSA-c8m7-c746-qxp6",
  "modified": "2024-04-04T04:16:25Z",
  "published": "2023-05-22T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33293"
    },
    {
      "type": "WEB",
      "url": "https://kaios.dev/cve/1410290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8Q8-MV4X-F6XR

Vulnerability from github – Published: 2022-01-12 00:00 – Updated: 2024-11-14 21:31
VLAI
Details

Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-11T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880.",
  "id": "GHSA-c8q8-mv4x-f6xr",
  "modified": "2024-11-14T21:31:54Z",
  "published": "2022-01-12T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21915"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21915"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21915"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CCC8-Q55J-MM8V

Vulnerability from github – Published: 2021-12-10 00:00 – Updated: 2021-12-15 00:01
VLAI
Details

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-09T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.",
  "id": "GHSA-ccc8-q55j-mm8v",
  "modified": "2021-12-15T00:01:40Z",
  "published": "2021-12-10T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38931"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210418"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220114-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6523810"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CCFC-C3CW-8FCQ

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 18:30
VLAI
Details

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.",
  "id": "GHSA-ccfc-c3cw-8fcq",
  "modified": "2023-02-01T18:30:23Z",
  "published": "2023-01-26T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26329"
    },
    {
      "type": "WEB",
      "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CF2C-V4Q9-855G

Vulnerability from github – Published: 2023-12-04 03:30 – Updated: 2023-12-07 18:30
VLAI
Details

In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-04T01:15:10Z",
    "severity": "HIGH"
  },
  "details": "In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed",
  "id": "GHSA-cf2c-v4q9-855g",
  "modified": "2023-12-07T18:30:27Z",
  "published": "2023-12-04T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42716"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CF3M-48HF-6297

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed.",
  "id": "GHSA-cf3m-48hf-6297",
  "modified": "2022-05-13T01:47:20Z",
  "published": "2022-05-13T01:47:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8161"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-01-frpbypass-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CFP9-W5V9-3Q4H

Vulnerability from github – Published: 2026-03-26 21:48 – Updated: 2026-04-10 19:43
VLAI
Summary
OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts
Details

Summary

The image tool did not fully honor the tools.fs.workspaceOnly filesystem boundary. In affected releases, image-path resolution could still traverse sandbox bridge mounts outside the workspace and read files from mounted directories that the other file tools would reject.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: < 2026.3.2
  • Fixed: >= 2026.3.2
  • Latest released tags checked: v2026.3.23 (ccfeecb6887cd97937e33a71877ad512741e82b2) and v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87)
  • Latest published npm version checked: 2026.3.23-2

Fix Commit(s)

  • dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53
  • 14baadda2c456f3cf749f1f97e8678746a34a7f4

Release Status

The complete fix shipped in v2026.3.2 and remains present in v2026.3.23 and v2026.3.23-2.

Code-Level Confirmation

  • src/agents/openclaw-tools.ts now passes fsPolicy into createImageTool, so the image tool receives the same workspace-only policy input as the other filesystem tools.
  • src/agents/tools/image-tool.ts, src/agents/tools/media-tool-shared.ts, and src/agents/sandbox-media-paths.ts now restrict local roots and sandbox-bridge resolution to the workspace when tools.fs.workspaceOnly is enabled.

OpenClaw thanks @YLChen-007 for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T21:48:06Z",
    "nvd_published_at": "2026-04-10T17:17:07Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\nThe `image` tool did not fully honor the `tools.fs.workspaceOnly` filesystem boundary. In affected releases, image-path resolution could still traverse sandbox bridge mounts outside the workspace and read files from mounted directories that the other file tools would reject.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `\u003c 2026.3.2`\n- Fixed: `\u003e= 2026.3.2`\n- Latest released tags checked: `v2026.3.23` (`ccfeecb6887cd97937e33a71877ad512741e82b2`) and `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53`\n- `14baadda2c456f3cf749f1f97e8678746a34a7f4`\n\n## Release Status\nThe complete fix shipped in `v2026.3.2` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- `src/agents/openclaw-tools.ts` now passes `fsPolicy` into `createImageTool`, so the image tool receives the same workspace-only policy input as the other filesystem tools.\n- `src/agents/tools/image-tool.ts`, `src/agents/tools/media-tool-shared.ts`, and `src/agents/sandbox-media-paths.ts` now restrict local roots and sandbox-bridge resolution to the workspace when `tools.fs.workspaceOnly` is enabled.\n\nOpenClaw thanks @YLChen-007 for reporting.",
  "id": "GHSA-cfp9-w5v9-3q4h",
  "modified": "2026-04-10T19:43:38Z",
  "published": "2026-03-26T21:48:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cfp9-w5v9-3q4h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35658"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/14baadda2c456f3cf749f1f97e8678746a34a7f4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-filesystem-boundary-bypass-in-image-tool"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts"
}

GHSA-CG54-GPGR-4RM6

Vulnerability from github – Published: 2020-12-09 16:27 – Updated: 2024-09-27 15:38
VLAI
Summary
user-readable api tokens in systemd units for JupyterHub
Details

Impact

user API tokens issued to single-user servers are specified in the environment of systemd units, which are accessible to all users.

In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default.

Patches

Patched in jupyterhub-systemdspawner v0.15

Workarounds

No workaround other than upgrading systemdspawner to 0.15

For more information

If you have any questions or comments about this advisory: * Open a thread in the Jupyter forum * Email us at security@ipython.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterhub-systemdspawner"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-09T16:25:35Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nuser API tokens issued to single-user servers are specified in the environment of systemd units, which are accessible to all users.\n\nIn particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default.\n\n### Patches\nPatched in jupyterhub-systemdspawner v0.15\n\n### Workarounds\nNo workaround other than upgrading systemdspawner to 0.15\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open a thread in [the Jupyter forum](https://discourse.jupyter.org)\n* Email us at [security@ipython.org](mailto:security@ipython.org)",
  "id": "GHSA-cg54-gpgr-4rm6",
  "modified": "2024-09-27T15:38:37Z",
  "published": "2020-12-09T16:27:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26261"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyterhub/systemdspawner"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub-systemdspawner/PYSEC-2020-52.yaml"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/jupyterhub-systemdspawner"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "user-readable api tokens in systemd units for JupyterHub"
}

GHSA-CG75-6938-WX58

Vulnerability from github – Published: 2020-03-13 20:04 – Updated: 2024-09-20 14:58
VLAI
Summary
python-docutils allows insecure usage of temporary files
Details

python-docutils allows insecure usage of temporary files.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "docutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.5"
            },
            {
              "fixed": "0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2009-5042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-03-13T20:03:40Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "python-docutils allows insecure usage of temporary files.",
  "id": "GHSA-cg75-6938-wx58",
  "modified": "2024-09-20T14:58:26Z",
  "published": "2020-03-13T20:04:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5042"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-cg75-6938-wx58"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/docutils/PYSEC-2019-176.yaml"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2009-5042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "python-docutils allows insecure usage of temporary files"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.