Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1252 vulnerabilities reference this CWE, most recent first.

GHSA-GH64-QXH5-4M33

Vulnerability from github – Published: 2023-10-25 21:06 – Updated: 2023-10-25 21:06
VLAI
Summary
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
Details

Impact

When a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as deleted:1 (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document.

Patches

This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed.

Workarounds

The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.

References

  • https://jira.xwiki.org/browse/XWIKI-20685 (root cause)
  • https://jira.xwiki.org/browse/XWIKI-20817 (exploitation via the diff feature)
  • https://jira.xwiki.org/browse/XWIKI-20684 (exploitation via the REST API)
  • https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-oldcore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.4-rc-1"
            },
            {
              "fixed": "14.10.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-oldcore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.3-rc-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-25T21:06:58Z",
    "nvd_published_at": "2023-10-25T18:17:28Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document.\n\n### Patches\nThis vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed.\n\n### Workarounds\nThe only workaround is to regularly [clean deleted documents](https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages) to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-20685 (root cause)\n* https://jira.xwiki.org/browse/XWIKI-20817 (exploitation via the diff feature)\n* https://jira.xwiki.org/browse/XWIKI-20684 (exploitation via the REST API)\n* https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f",
  "id": "GHSA-gh64-qxh5-4m33",
  "modified": "2023-10-25T21:06:58Z",
  "published": "2023-10-25T21:06:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37911"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f"
    },
    {
      "type": "WEB",
      "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20684"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20685"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20817"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents"
}

GHSA-GHHM-XRWP-75M9

Vulnerability from github – Published: 2022-01-08 00:34 – Updated: 2022-01-07 22:38
VLAI
Summary
bookstack is vulnerable to Improper Access Control
Details

bookstack is vulnerable to Improper Access Control

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ssddanbrown/bookstack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "21.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-4194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-07T22:38:34Z",
    "nvd_published_at": "2022-01-06T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "bookstack is vulnerable to Improper Access Control",
  "id": "GHSA-ghhm-xrwp-75m9",
  "modified": "2022-01-07T22:38:34Z",
  "published": "2022-01-08T00:34:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bookstackapp/bookstack/commit/cb0d674a71449de883713db2fcdccb6e108992ad"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bookstackapp/bookstack"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/0bc8b3f7-9057-4eb7-a989-24cd5689f114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "bookstack is vulnerable to Improper Access Control"
}

GHSA-GHMF-G5GH-VJMC

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-12 12:00
VLAI
Details

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.",
  "id": "GHSA-ghmf-g5gh-vjmc",
  "modified": "2022-10-12T12:00:30Z",
  "published": "2022-10-07T18:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39870"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJ2W-JPXR-J46G

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01
VLAI
Details

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission",
  "id": "GHSA-gj2w-jpxr-j46g",
  "modified": "2022-04-19T00:01:13Z",
  "published": "2022-04-12T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27576"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJ34-X4M8-M3RW

Vulnerability from github – Published: 2023-03-01 15:30 – Updated: 2023-03-10 21:30
VLAI
Details

Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell NetWorker versions 19.5 and earlier contain \u0027RabbitMQ\u0027 version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.",
  "id": "GHSA-gj34-x4m8-m3rw",
  "modified": "2023-03-10T21:30:24Z",
  "published": "2023-03-01T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24567"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000210471/dsa-2023-058-dell-networker-security-update-for-version-disclosure-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJ84-924C-48FX

Vulnerability from github – Published: 2026-05-20 15:33 – Updated: 2026-05-20 15:33
VLAI
Summary
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Details

Summary

The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On Windows the same code chose "localhost", binding loopback only.

The result was a platform split where the OS Algernon's dev workflow is most often used on (Linux/macOS) got the network-exposed default, and only Windows users got the loopback-safe one. A LAN peer with no developer interaction could connect to <dev-laptop-ip>:5553 and read the file-change stream.

This advisory covers the bind-address default in isolation. The fix is independent of authentication (#2a) and CORS (#2b) — switching the default to loopback can be done without touching either.

Details

Root cause — platform-dependent host default in handleFlags

// engine/flags.go:39-46  (1.17.6)
host := ""
if runtime.GOOS == "windows" {
    host = "localhost"
    // Default Bolt database file
    ac.defaultBoltFilename = filepath.Join(serverTempDir, "algernon.db")
    // Default log file
    ac.defaultLogFile = filepath.Join(serverTempDir, "algernon.log")
}
// engine/config.go:388-391  (1.17.6, finalConfiguration)
if ac.eventAddr == "" {
    ac.eventAddr = utils.JoinHostPort(host, ac.defaultEventColonPort)
}

Result tabulated:

Platform host eventAddr after JoinHostPort Effective bind
Linux "" ":5553" 0.0.0.0:5553 (all interfaces)
macOS "" ":5553" 0.0.0.0:5553 (all interfaces)
Windows "localhost" "localhost:5553" 127.0.0.1:5553 (loopback)

The same host value also governs the main web server bind, so the platform split affects both ports. The web-server bind on Linux/macOS is a separate (defensible) design decision — a server intended to be reachable; the SSE port is not such a service and inherited the same default by accident.

Why this is an independent finding

The fix is a single line: change the default host value, or change the eventAddr default specifically, to "localhost" regardless of platform. No change to authentication or CORS is required to close the network-reach half of the original bundled advisory. A LAN peer can no longer connect — the listener is unreachable from another host — even if the SSE handler still has no authentication and still returns Allow-Origin: *.

PoC (against 1.17.6 on Linux/macOS)

# Operator's laptop on a hotel/cafe/office WiFi:
algernon -a /path/to/project
# => SSE listener bound to 0.0.0.0:5553

# Any peer on the same subnet:
$ curl -sN http://<dev-laptop-ip>:5553/sse
id: 0
data: /path/to/project/secret-notes.md

id: 1
data: /path/to/project/.env.local

No interaction from the developer is required. The peer needs network reach and nothing else.

Impact

  • Confidentiality: medium. LAN-bounded continuous information disclosure of filenames and edit timing.
  • Integrity: none.
  • Availability: none directly.

The CVSS vector uses AV:A (adjacent network) to model the LAN-only reach. The vector for a misconfigured deployment behind a NAT-less or routed network would shift to AV:N and rise to 5.3.

Suggestions to fix

Primary fix — pick localhost as the SSE default on every platform.

// engine/flags.go -- platform-independent default for the event listener
// (keep the existing platform split for the WEB server if desired, but
// not for the event server)
host := "localhost"

Or, more surgically:

// engine/config.go -- finalConfiguration
if ac.eventAddr == "" {
    ac.eventAddr = utils.JoinHostPort("localhost", ac.defaultEventColonPort)
}

An operator who genuinely wants LAN-reachable SSE can pass --eventserver 0.0.0.0:5553 explicitly and accept the consequences.

Stronger fix — eliminate the second listener entirely. Mount the SSE handler on the main mux at /sse. The bind address is then whatever the main server uses; there is no second listener and therefore no second bind-address default to get wrong.

Live verification

Audit-host bind check (Windows 10):

$ netstat -an | findstr 5553
  TCP    127.0.0.1:5553         0.0.0.0:0              LISTENING

Confirms the Windows default is localhost. The Linux/macOS bind to 0.0.0.0:5553 is documented in the code path above; it was not exercised on the audit machine because the audit host was Windows. A maintainer reproducing on a Linux host would see 0.0.0.0:5553 LISTENING from ss -tlnp.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.17.6"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/xyproto/algernon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.17.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-20T15:33:56Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThe SSE event server bound to `0.0.0.0:5553` on Linux/macOS by default because the platform-dependent host default in `engine/flags.go:39-46` set `host = \"\"` for non-Windows, and `utils.JoinHostPort(\"\", \":5553\")` resolves to `\":5553\"` \u2014 a Go `http.Server.Addr` of `\":5553\"` listens on every interface. On Windows the same code chose `\"localhost\"`, binding loopback only.\n\nThe result was a platform split where the OS Algernon\u0027s dev workflow is most often used on (Linux/macOS) got the network-exposed default, and only Windows users got the loopback-safe one. A LAN peer with no developer interaction could connect to `\u003cdev-laptop-ip\u003e:5553` and read the file-change stream.\n\nThis advisory covers the bind-address default in isolation. The fix is independent of authentication (#2a) and CORS (#2b) \u2014 switching the default to loopback can be done without touching either.\n\n### Details\n\n#### Root cause \u2014 platform-dependent `host` default in `handleFlags`\n\n```go\n// engine/flags.go:39-46  (1.17.6)\nhost := \"\"\nif runtime.GOOS == \"windows\" {\n    host = \"localhost\"\n    // Default Bolt database file\n    ac.defaultBoltFilename = filepath.Join(serverTempDir, \"algernon.db\")\n    // Default log file\n    ac.defaultLogFile = filepath.Join(serverTempDir, \"algernon.log\")\n}\n```\n\n```go\n// engine/config.go:388-391  (1.17.6, finalConfiguration)\nif ac.eventAddr == \"\" {\n    ac.eventAddr = utils.JoinHostPort(host, ac.defaultEventColonPort)\n}\n```\n\nResult tabulated:\n\n| Platform | `host` | `eventAddr` after `JoinHostPort` | Effective bind |\n|---|---|---|---|\n| Linux | `\"\"` | `\":5553\"` | `0.0.0.0:5553` (all interfaces) |\n| macOS | `\"\"` | `\":5553\"` | `0.0.0.0:5553` (all interfaces) |\n| Windows | `\"localhost\"` | `\"localhost:5553\"` | `127.0.0.1:5553` (loopback) |\n\nThe same `host` value also governs the main web server bind, so the platform split affects both ports. The web-server bind on Linux/macOS is a separate (defensible) design decision \u2014 a server intended to be reachable; the SSE port is *not* such a service and inherited the same default by accident.\n\n#### Why this is an independent finding\n\nThe fix is a single line: change the default `host` value, or change the `eventAddr` default specifically, to `\"localhost\"` regardless of platform. No change to authentication or CORS is required to close the network-reach half of the original bundled advisory. A LAN peer can no longer connect \u2014 the listener is unreachable from another host \u2014 even if the SSE handler still has no authentication and still returns `Allow-Origin: *`.\n\n### PoC (against 1.17.6 on Linux/macOS)\n\n```bash\n# Operator\u0027s laptop on a hotel/cafe/office WiFi:\nalgernon -a /path/to/project\n# =\u003e SSE listener bound to 0.0.0.0:5553\n\n# Any peer on the same subnet:\n$ curl -sN http://\u003cdev-laptop-ip\u003e:5553/sse\nid: 0\ndata: /path/to/project/secret-notes.md\n\nid: 1\ndata: /path/to/project/.env.local\n```\n\nNo interaction from the developer is required. The peer needs network reach and nothing else.\n\n### Impact\n\n- **Confidentiality:** medium. LAN-bounded continuous information disclosure of filenames and edit timing.\n- **Integrity:** none.\n- **Availability:** none directly.\n\nThe CVSS vector uses `AV:A` (adjacent network) to model the LAN-only reach. The vector for a misconfigured deployment behind a NAT-less or routed network would shift to `AV:N` and rise to 5.3.\n\n### Suggestions to fix\n\n**Primary fix \u2014 pick `localhost` as the SSE default on every platform.**\n\n```go\n// engine/flags.go -- platform-independent default for the event listener\n// (keep the existing platform split for the WEB server if desired, but\n// not for the event server)\nhost := \"localhost\"\n```\n\nOr, more surgically:\n\n```go\n// engine/config.go -- finalConfiguration\nif ac.eventAddr == \"\" {\n    ac.eventAddr = utils.JoinHostPort(\"localhost\", ac.defaultEventColonPort)\n}\n```\n\nAn operator who genuinely wants LAN-reachable SSE can pass `--eventserver 0.0.0.0:5553` explicitly and accept the consequences.\n\n**Stronger fix \u2014 eliminate the second listener entirely.** Mount the SSE handler on the main mux at `/sse`. The bind address is then whatever the main server uses; there is no second listener and therefore no second bind-address default to get wrong.\n\n### Live verification\n\nAudit-host bind check (Windows 10):\n\n```\n$ netstat -an | findstr 5553\n  TCP    127.0.0.1:5553         0.0.0.0:0              LISTENING\n```\n\nConfirms the Windows default is `localhost`. The Linux/macOS bind to `0.0.0.0:5553` is documented in the code path above; it was not exercised on the audit machine because the audit host was Windows. A maintainer reproducing on a Linux host would see `0.0.0.0:5553 LISTENING` from `ss -tlnp`.",
  "id": "GHSA-gj84-924c-48fx",
  "modified": "2026-05-20T15:33:56Z",
  "published": "2026-05-20T15:33:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xyproto/algernon/security/advisories/GHSA-gj84-924c-48fx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xyproto/algernon"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS"
}

GHSA-GJFQ-Q65W-382H

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2024-03-21 03:33
VLAI
Details

Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-06T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching.",
  "id": "GHSA-gjfq-q65w-382h",
  "modified": "2024-03-21T03:33:54Z",
  "published": "2022-05-24T17:10:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10110"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2020/Mar/7"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/search"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJGW-RX73-RVP5

Vulnerability from github – Published: 2022-12-25 06:30 – Updated: 2025-04-14 18:31
VLAI
Details

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45895"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-25T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).",
  "id": "GHSA-gjgw-rx73-rvp5",
  "modified": "2025-04-14T18:31:42Z",
  "published": "2022-12-25T06:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45895"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJQ6-54J6-8RPM

Vulnerability from github – Published: 2022-04-17 00:00 – Updated: 2022-04-27 00:00
VLAI
Details

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-16T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.",
  "id": "GHSA-gjq6-54j6-8rpm",
  "modified": "2022-04-27T00:00:28Z",
  "published": "2022-04-17T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26777"
    },
    {
      "type": "WEB",
      "url": "https://raxis.com/blog/cve-2022-26653-and-cve-2022-26777"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/remote-desktop-management/advisory/cve-2022-26777.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GJV9-7PJ8-FWM8

Vulnerability from github – Published: 2023-06-05 15:33 – Updated: 2024-04-04 04:32
VLAI
Details

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-05T15:15:09Z",
    "severity": "MODERATE"
  },
  "details": "emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.",
  "id": "GHSA-gjv9-7pj8-fwm8",
  "modified": "2024-04-04T04:32:04Z",
  "published": "2023-06-05T15:33:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33518"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emoncms/emoncms/issues/1856"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.