CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-GH64-QXH5-4M33
Vulnerability from github – Published: 2023-10-25 21:06 – Updated: 2023-10-25 21:06Impact
When a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as deleted:1 (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document.
Patches
This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed.
Workarounds
The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.
References
- https://jira.xwiki.org/browse/XWIKI-20685 (root cause)
- https://jira.xwiki.org/browse/XWIKI-20817 (exploitation via the diff feature)
- https://jira.xwiki.org/browse/XWIKI-20684 (exploitation via the REST API)
- https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-oldcore"
},
"ranges": [
{
"events": [
{
"introduced": "9.4-rc-1"
},
{
"fixed": "14.10.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-oldcore"
},
"ranges": [
{
"events": [
{
"introduced": "15.0-rc-1"
},
{
"fixed": "15.3-rc-1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-37911"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-25T21:06:58Z",
"nvd_published_at": "2023-10-25T18:17:28Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document.\n\n### Patches\nThis vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed.\n\n### Workarounds\nThe only workaround is to regularly [clean deleted documents](https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages) to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-20685 (root cause)\n* https://jira.xwiki.org/browse/XWIKI-20817 (exploitation via the diff feature)\n* https://jira.xwiki.org/browse/XWIKI-20684 (exploitation via the REST API)\n* https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f",
"id": "GHSA-gh64-qxh5-4m33",
"modified": "2023-10-25T21:06:58Z",
"published": "2023-10-25T21:06:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37911"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f"
},
{
"type": "WEB",
"url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20684"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20685"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20817"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents"
}
GHSA-GHHM-XRWP-75M9
Vulnerability from github – Published: 2022-01-08 00:34 – Updated: 2022-01-07 22:38bookstack is vulnerable to Improper Access Control
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "ssddanbrown/bookstack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "21.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4194"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-668",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-07T22:38:34Z",
"nvd_published_at": "2022-01-06T18:15:00Z",
"severity": "MODERATE"
},
"details": "bookstack is vulnerable to Improper Access Control",
"id": "GHSA-ghhm-xrwp-75m9",
"modified": "2022-01-07T22:38:34Z",
"published": "2022-01-08T00:34:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4194"
},
{
"type": "WEB",
"url": "https://github.com/bookstackapp/bookstack/commit/cb0d674a71449de883713db2fcdccb6e108992ad"
},
{
"type": "PACKAGE",
"url": "https://github.com/bookstackapp/bookstack"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/0bc8b3f7-9057-4eb7-a989-24cd5689f114"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "bookstack is vulnerable to Improper Access Control"
}
GHSA-GHMF-G5GH-VJMC
Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-12 12:00Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
{
"affected": [],
"aliases": [
"CVE-2022-39870"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-07T15:15:00Z",
"severity": "HIGH"
},
"details": "Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.",
"id": "GHSA-ghmf-g5gh-vjmc",
"modified": "2022-10-12T12:00:30Z",
"published": "2022-10-07T18:15:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39870"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJ2W-JPXR-J46G
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission
{
"affected": [],
"aliases": [
"CVE-2022-27576"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission",
"id": "GHSA-gj2w-jpxr-j46g",
"modified": "2022-04-19T00:01:13Z",
"published": "2022-04-12T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27576"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJ34-X4M8-M3RW
Vulnerability from github – Published: 2023-03-01 15:30 – Updated: 2023-03-10 21:30Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.
{
"affected": [],
"aliases": [
"CVE-2023-24567"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-01T15:15:00Z",
"severity": "MODERATE"
},
"details": "Dell NetWorker versions 19.5 and earlier contain \u0027RabbitMQ\u0027 version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.",
"id": "GHSA-gj34-x4m8-m3rw",
"modified": "2023-03-10T21:30:24Z",
"published": "2023-03-01T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24567"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000210471/dsa-2023-058-dell-networker-security-update-for-version-disclosure-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJ84-924C-48FX
Vulnerability from github – Published: 2026-05-20 15:33 – Updated: 2026-05-20 15:33Summary
The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On Windows the same code chose "localhost", binding loopback only.
The result was a platform split where the OS Algernon's dev workflow is most often used on (Linux/macOS) got the network-exposed default, and only Windows users got the loopback-safe one. A LAN peer with no developer interaction could connect to <dev-laptop-ip>:5553 and read the file-change stream.
This advisory covers the bind-address default in isolation. The fix is independent of authentication (#2a) and CORS (#2b) — switching the default to loopback can be done without touching either.
Details
Root cause — platform-dependent host default in handleFlags
// engine/flags.go:39-46 (1.17.6)
host := ""
if runtime.GOOS == "windows" {
host = "localhost"
// Default Bolt database file
ac.defaultBoltFilename = filepath.Join(serverTempDir, "algernon.db")
// Default log file
ac.defaultLogFile = filepath.Join(serverTempDir, "algernon.log")
}
// engine/config.go:388-391 (1.17.6, finalConfiguration)
if ac.eventAddr == "" {
ac.eventAddr = utils.JoinHostPort(host, ac.defaultEventColonPort)
}
Result tabulated:
| Platform | host |
eventAddr after JoinHostPort |
Effective bind |
|---|---|---|---|
| Linux | "" |
":5553" |
0.0.0.0:5553 (all interfaces) |
| macOS | "" |
":5553" |
0.0.0.0:5553 (all interfaces) |
| Windows | "localhost" |
"localhost:5553" |
127.0.0.1:5553 (loopback) |
The same host value also governs the main web server bind, so the platform split affects both ports. The web-server bind on Linux/macOS is a separate (defensible) design decision — a server intended to be reachable; the SSE port is not such a service and inherited the same default by accident.
Why this is an independent finding
The fix is a single line: change the default host value, or change the eventAddr default specifically, to "localhost" regardless of platform. No change to authentication or CORS is required to close the network-reach half of the original bundled advisory. A LAN peer can no longer connect — the listener is unreachable from another host — even if the SSE handler still has no authentication and still returns Allow-Origin: *.
PoC (against 1.17.6 on Linux/macOS)
# Operator's laptop on a hotel/cafe/office WiFi:
algernon -a /path/to/project
# => SSE listener bound to 0.0.0.0:5553
# Any peer on the same subnet:
$ curl -sN http://<dev-laptop-ip>:5553/sse
id: 0
data: /path/to/project/secret-notes.md
id: 1
data: /path/to/project/.env.local
No interaction from the developer is required. The peer needs network reach and nothing else.
Impact
- Confidentiality: medium. LAN-bounded continuous information disclosure of filenames and edit timing.
- Integrity: none.
- Availability: none directly.
The CVSS vector uses AV:A (adjacent network) to model the LAN-only reach. The vector for a misconfigured deployment behind a NAT-less or routed network would shift to AV:N and rise to 5.3.
Suggestions to fix
Primary fix — pick localhost as the SSE default on every platform.
// engine/flags.go -- platform-independent default for the event listener
// (keep the existing platform split for the WEB server if desired, but
// not for the event server)
host := "localhost"
Or, more surgically:
// engine/config.go -- finalConfiguration
if ac.eventAddr == "" {
ac.eventAddr = utils.JoinHostPort("localhost", ac.defaultEventColonPort)
}
An operator who genuinely wants LAN-reachable SSE can pass --eventserver 0.0.0.0:5553 explicitly and accept the consequences.
Stronger fix — eliminate the second listener entirely. Mount the SSE handler on the main mux at /sse. The bind address is then whatever the main server uses; there is no second listener and therefore no second bind-address default to get wrong.
Live verification
Audit-host bind check (Windows 10):
$ netstat -an | findstr 5553
TCP 127.0.0.1:5553 0.0.0.0:0 LISTENING
Confirms the Windows default is localhost. The Linux/macOS bind to 0.0.0.0:5553 is documented in the code path above; it was not exercised on the audit machine because the audit host was Windows. A maintainer reproducing on a Linux host would see 0.0.0.0:5553 LISTENING from ss -tlnp.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.17.6"
},
"package": {
"ecosystem": "Go",
"name": "github.com/xyproto/algernon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46430"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-20T15:33:56Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nThe SSE event server bound to `0.0.0.0:5553` on Linux/macOS by default because the platform-dependent host default in `engine/flags.go:39-46` set `host = \"\"` for non-Windows, and `utils.JoinHostPort(\"\", \":5553\")` resolves to `\":5553\"` \u2014 a Go `http.Server.Addr` of `\":5553\"` listens on every interface. On Windows the same code chose `\"localhost\"`, binding loopback only.\n\nThe result was a platform split where the OS Algernon\u0027s dev workflow is most often used on (Linux/macOS) got the network-exposed default, and only Windows users got the loopback-safe one. A LAN peer with no developer interaction could connect to `\u003cdev-laptop-ip\u003e:5553` and read the file-change stream.\n\nThis advisory covers the bind-address default in isolation. The fix is independent of authentication (#2a) and CORS (#2b) \u2014 switching the default to loopback can be done without touching either.\n\n### Details\n\n#### Root cause \u2014 platform-dependent `host` default in `handleFlags`\n\n```go\n// engine/flags.go:39-46 (1.17.6)\nhost := \"\"\nif runtime.GOOS == \"windows\" {\n host = \"localhost\"\n // Default Bolt database file\n ac.defaultBoltFilename = filepath.Join(serverTempDir, \"algernon.db\")\n // Default log file\n ac.defaultLogFile = filepath.Join(serverTempDir, \"algernon.log\")\n}\n```\n\n```go\n// engine/config.go:388-391 (1.17.6, finalConfiguration)\nif ac.eventAddr == \"\" {\n ac.eventAddr = utils.JoinHostPort(host, ac.defaultEventColonPort)\n}\n```\n\nResult tabulated:\n\n| Platform | `host` | `eventAddr` after `JoinHostPort` | Effective bind |\n|---|---|---|---|\n| Linux | `\"\"` | `\":5553\"` | `0.0.0.0:5553` (all interfaces) |\n| macOS | `\"\"` | `\":5553\"` | `0.0.0.0:5553` (all interfaces) |\n| Windows | `\"localhost\"` | `\"localhost:5553\"` | `127.0.0.1:5553` (loopback) |\n\nThe same `host` value also governs the main web server bind, so the platform split affects both ports. The web-server bind on Linux/macOS is a separate (defensible) design decision \u2014 a server intended to be reachable; the SSE port is *not* such a service and inherited the same default by accident.\n\n#### Why this is an independent finding\n\nThe fix is a single line: change the default `host` value, or change the `eventAddr` default specifically, to `\"localhost\"` regardless of platform. No change to authentication or CORS is required to close the network-reach half of the original bundled advisory. A LAN peer can no longer connect \u2014 the listener is unreachable from another host \u2014 even if the SSE handler still has no authentication and still returns `Allow-Origin: *`.\n\n### PoC (against 1.17.6 on Linux/macOS)\n\n```bash\n# Operator\u0027s laptop on a hotel/cafe/office WiFi:\nalgernon -a /path/to/project\n# =\u003e SSE listener bound to 0.0.0.0:5553\n\n# Any peer on the same subnet:\n$ curl -sN http://\u003cdev-laptop-ip\u003e:5553/sse\nid: 0\ndata: /path/to/project/secret-notes.md\n\nid: 1\ndata: /path/to/project/.env.local\n```\n\nNo interaction from the developer is required. The peer needs network reach and nothing else.\n\n### Impact\n\n- **Confidentiality:** medium. LAN-bounded continuous information disclosure of filenames and edit timing.\n- **Integrity:** none.\n- **Availability:** none directly.\n\nThe CVSS vector uses `AV:A` (adjacent network) to model the LAN-only reach. The vector for a misconfigured deployment behind a NAT-less or routed network would shift to `AV:N` and rise to 5.3.\n\n### Suggestions to fix\n\n**Primary fix \u2014 pick `localhost` as the SSE default on every platform.**\n\n```go\n// engine/flags.go -- platform-independent default for the event listener\n// (keep the existing platform split for the WEB server if desired, but\n// not for the event server)\nhost := \"localhost\"\n```\n\nOr, more surgically:\n\n```go\n// engine/config.go -- finalConfiguration\nif ac.eventAddr == \"\" {\n ac.eventAddr = utils.JoinHostPort(\"localhost\", ac.defaultEventColonPort)\n}\n```\n\nAn operator who genuinely wants LAN-reachable SSE can pass `--eventserver 0.0.0.0:5553` explicitly and accept the consequences.\n\n**Stronger fix \u2014 eliminate the second listener entirely.** Mount the SSE handler on the main mux at `/sse`. The bind address is then whatever the main server uses; there is no second listener and therefore no second bind-address default to get wrong.\n\n### Live verification\n\nAudit-host bind check (Windows 10):\n\n```\n$ netstat -an | findstr 5553\n TCP 127.0.0.1:5553 0.0.0.0:0 LISTENING\n```\n\nConfirms the Windows default is `localhost`. The Linux/macOS bind to `0.0.0.0:5553` is documented in the code path above; it was not exercised on the audit machine because the audit host was Windows. A maintainer reproducing on a Linux host would see `0.0.0.0:5553 LISTENING` from `ss -tlnp`.",
"id": "GHSA-gj84-924c-48fx",
"modified": "2026-05-20T15:33:56Z",
"published": "2026-05-20T15:33:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xyproto/algernon/security/advisories/GHSA-gj84-924c-48fx"
},
{
"type": "PACKAGE",
"url": "https://github.com/xyproto/algernon"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS"
}
GHSA-GJFQ-Q65W-382H
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2024-03-21 03:33Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching.
{
"affected": [],
"aliases": [
"CVE-2020-10110"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-06T21:15:00Z",
"severity": "MODERATE"
},
"details": "Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching.",
"id": "GHSA-gjfq-q65w-382h",
"modified": "2024-03-21T03:33:54Z",
"published": "2022-05-24T17:10:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10110"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2020/Mar/7"
},
{
"type": "WEB",
"url": "https://support.citrix.com/search"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJGW-RX73-RVP5
Vulnerability from github – Published: 2022-12-25 06:30 – Updated: 2025-04-14 18:31Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
{
"affected": [],
"aliases": [
"CVE-2022-45895"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-25T05:15:00Z",
"severity": "MODERATE"
},
"details": "Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).",
"id": "GHSA-gjgw-rx73-rvp5",
"modified": "2025-04-14T18:31:42Z",
"published": "2022-12-25T06:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45895"
},
{
"type": "WEB",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJQ6-54J6-8RPM
Vulnerability from github – Published: 2022-04-17 00:00 – Updated: 2022-04-27 00:00Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
{
"affected": [],
"aliases": [
"CVE-2022-26777"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-16T16:15:00Z",
"severity": "MODERATE"
},
"details": "Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.",
"id": "GHSA-gjq6-54j6-8rpm",
"modified": "2022-04-27T00:00:28Z",
"published": "2022-04-17T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26777"
},
{
"type": "WEB",
"url": "https://raxis.com/blog/cve-2022-26653-and-cve-2022-26777"
},
{
"type": "WEB",
"url": "https://www.manageengine.com/remote-desktop-management/advisory/cve-2022-26777.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJV9-7PJ8-FWM8
Vulnerability from github – Published: 2023-06-05 15:33 – Updated: 2024-04-04 04:32emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.
{
"affected": [],
"aliases": [
"CVE-2023-33518"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-05T15:15:09Z",
"severity": "MODERATE"
},
"details": "emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.",
"id": "GHSA-gjv9-7pj8-fwm8",
"modified": "2024-04-04T04:32:04Z",
"published": "2023-06-05T15:33:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33518"
},
{
"type": "WEB",
"url": "https://github.com/emoncms/emoncms/issues/1856"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.