CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-G58W-WR93-Q367
Vulnerability from github – Published: 2024-03-28 21:30 – Updated: 2024-05-23 18:30A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
{
"affected": [],
"aliases": [
"CVE-2024-3019"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T19:15:49Z",
"severity": "HIGH"
},
"details": "A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the \u0027Metrics settings\u0027 page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.",
"id": "GHSA-g58w-wr93-q367",
"modified": "2024-05-23T18:30:54Z",
"published": "2024-03-28T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3019"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2566"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3264"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3321"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3322"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3323"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3324"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3325"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-3019"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G5C2-F28R-VPX5
Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
{
"affected": [],
"aliases": [
"CVE-2022-33692"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T14:15:00Z",
"severity": "LOW"
},
"details": "Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.",
"id": "GHSA-g5c2-f28r-vpx5",
"modified": "2022-07-17T00:00:45Z",
"published": "2022-07-13T00:01:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33692"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G5V3-3XFP-HGX6
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
{
"affected": [],
"aliases": [
"CVE-2018-8040"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-29T13:29:00Z",
"severity": "MODERATE"
},
"details": "Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.",
"id": "GHSA-g5v3-3xfp-hgx6",
"modified": "2022-05-13T01:53:29Z",
"published": "2022-05-13T01:53:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8040"
},
{
"type": "WEB",
"url": "https://github.com/apache/trafficserver/pull/3926"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/36b3df68fe7311965f6bc4630ca413d2aa99d8f1d53affda85ea70d7@%3Cusers.trafficserver.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/cc7aa2ce1c6f4fe0c6bfef517763cdaad30ec7bcb0115b73f73f3c01@%3Cusers.trafficserver.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4282"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G648-3WJ5-C8R8
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.
{
"affected": [],
"aliases": [
"CVE-2017-16610"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-23T01:29:00Z",
"severity": "CRITICAL"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.",
"id": "GHSA-g648-3wj5-c8r8",
"modified": "2022-05-13T01:37:22Z",
"published": "2022-05-13T01:37:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16610"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2018-02"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-952"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G6PF-M72V-9JX7
Vulnerability from github – Published: 2021-11-25 00:00 – Updated: 2022-10-27 19:00WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
{
"affected": [],
"aliases": [
"CVE-2021-36917"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-24T17:15:00Z",
"severity": "HIGH"
},
"details": "WordPress Hide My WP plugin (versions \u003c= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.",
"id": "GHSA-g6pf-m72v-9jx7",
"modified": "2022-10-27T19:00:29Z",
"published": "2021-11-25T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36917"
},
{
"type": "WEB",
"url": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability"
},
{
"type": "WEB",
"url": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G75W-VCGR-6V4Q
Vulnerability from github – Published: 2022-05-08 00:00 – Updated: 2022-05-18 00:00In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or knows the victim's seed phrase. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware.
{
"affected": [],
"aliases": [
"CVE-2022-30330"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-07T04:15:00Z",
"severity": "MODERATE"
},
"details": "In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or knows the victim\u0027s seed phrase. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware.",
"id": "GHSA-g75w-vcgr-6v4q",
"modified": "2022-05-18T00:00:37Z",
"published": "2022-05-08T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30330"
},
{
"type": "WEB",
"url": "https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc"
},
{
"type": "WEB",
"url": "https://blog.inhq.net/posts/keepkey-CVE-2022-30330"
},
{
"type": "WEB",
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G7F3-P5RJ-HPX5
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2023-06-26 21:30Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system.
{
"affected": [],
"aliases": [
"CVE-2021-28633"
],
"database_specific": {
"cwe_ids": [
"CWE-379",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-24T19:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system.",
"id": "GHSA-g7f3-p5rj-hpx5",
"modified": "2023-06-26T21:30:52Z",
"published": "2022-05-24T19:11:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28633"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-41.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G7P8-R2CH-4RMF
Vulnerability from github – Published: 2021-12-17 20:41 – Updated: 2022-01-04 18:56An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.atomix:atomix"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35215"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-12-17T19:00:58Z",
"nvd_published_at": "2021-12-16T20:15:00Z",
"severity": "MODERATE"
},
"details": "An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.",
"id": "GHSA-g7p8-r2ch-4rmf",
"modified": "2022-01-04T18:56:53Z",
"published": "2021-12-17T20:41:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35215"
},
{
"type": "WEB",
"url": "https://docs.google.com/presentation/d/1pRRLfdSUqUZ688CZ9e9AyceuXPGp9oyGj7j4bdSsBcw/edit?usp=sharing"
},
{
"type": "PACKAGE",
"url": "https://github.com/atomix/atomix"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Malicious Atomix node queries expose sensitive information"
}
GHSA-G7XC-58W4-V854
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2023-11-07 21:30a. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. b. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. Resolution • EdgeConnect software has been modified to prevent users from accessing IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. • EdgeConnect software has been modified to allow customers to choose not to persist the IPSec seed for additional security. Any required configuration Upgrade to Silver Peak Unity ECOS™ 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+. 8. Product affected All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+ Silver Peak Products Applicability Unity EdgeConnect, NX, VX Applicable Unity Orchestrator Applicable EdgeConnect in AWS, Azure, GCP Applicable Silver Peak Cloud Services Not Applicable
{
"affected": [],
"aliases": [
"CVE-2020-12142"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-05T20:15:00Z",
"severity": "MODERATE"
},
"details": "a. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. b. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. Resolution \u2022 EdgeConnect software has been modified to prevent users from accessing IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. \u2022 EdgeConnect software has been modified to allow customers to choose not to persist the IPSec seed for additional security. Any required configuration Upgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. 8. Product affected All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+ Silver Peak Products Applicability Unity EdgeConnect, NX, VX Applicable Unity Orchestrator Applicable EdgeConnect in AWS, Azure, GCP Applicable Silver Peak Cloud Services Not Applicable",
"id": "GHSA-g7xc-58w4-v854",
"modified": "2023-11-07T21:30:21Z",
"published": "2022-05-24T22:28:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12142"
},
{
"type": "WEB",
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf"
},
{
"type": "WEB",
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf"
},
{
"type": "WEB",
"url": "https://www.silver-peak.com/support/user-documentation/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G849-X577-8J36
Vulnerability from github – Published: 2023-11-06 15:30 – Updated: 2023-11-06 15:30A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
{
"affected": [],
"aliases": [
"CVE-2023-4910"
],
"database_specific": {
"cwe_ids": [
"CWE-525",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-06T13:15:10Z",
"severity": "MODERATE"
},
"details": "A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.",
"id": "GHSA-g849-x577-8j36",
"modified": "2023-11-06T15:30:32Z",
"published": "2023-11-06T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4910"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4910"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238498"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.