CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-HQ94-G33H-JJ2X
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-10-27 19:00Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
{
"affected": [],
"aliases": [
"CVE-2021-3709"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-01T03:15:00Z",
"severity": "MODERATE"
},
"details": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;",
"id": "GHSA-hq94-g33h-jj2x",
"modified": "2022-10-27T19:00:39Z",
"published": "2022-05-24T19:16:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3709"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/notices/USN-5077-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HQF6-VVJ2-CJ4W
Vulnerability from github – Published: 2022-05-05 00:00 – Updated: 2022-05-14 00:03An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
{
"affected": [],
"aliases": [
"CVE-2021-41032"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-04T16:15:00Z",
"severity": "MODERATE"
},
"details": "An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.",
"id": "GHSA-hqf6-vvj2-cj4w",
"modified": "2022-05-14T00:03:36Z",
"published": "2022-05-05T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41032"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-21-147"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HQP6-MJW3-F586
Vulnerability from github – Published: 2025-07-02 21:32 – Updated: 2025-07-05 01:47An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:\vagrant on Windows). This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. When a user on the host later runs any vagrant command, the injected code is executed on the host with that user’s privileges.
While this shared-folder behavior is well-documented by Vagrant, the security implications of Vagrantfile execution from guest-writable storage are not explicitly addressed. This effectively enables guest-to-host code execution in multi-tenant or adversarial VM scenarios.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "vagrant"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.10"
},
{
"fixed": "2.4.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-34075"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-668",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-03T12:59:35Z",
"nvd_published_at": "2025-07-02T20:15:29Z",
"severity": "MODERATE"
},
"details": "An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system\u2019s project directory into the guest VM under /vagrant (or C:\\vagrant on Windows). This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. When a user on the host later runs any vagrant command, the injected code is executed on the host with that user\u2019s privileges.\n\nWhile this shared-folder behavior is well-documented by Vagrant, the security implications of Vagrantfile execution from guest-writable storage are not explicitly addressed. This effectively enables guest-to-host code execution in multi-tenant or adversarial VM scenarios.",
"id": "GHSA-hqp6-mjw3-f586",
"modified": "2025-07-05T01:47:56Z",
"published": "2025-07-02T21:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34075"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vagrant/issues/13688"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/vagrant/commit/abe87b2fdc124ef426c016d44d2f6f4792f0cbe3"
},
{
"type": "WEB",
"url": "https://developer.hashicorp.com/vagrant"
},
{
"type": "WEB",
"url": "https://developer.hashicorp.com/vagrant/docs/synced-folders/basic_usage"
},
{
"type": "WEB",
"url": "https://developer.hashicorp.com/vagrant/docs/vagrantfile"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-hqp6-mjw3-f586"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/vagrant"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/vagrant/CVE-2025-34075.yml"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/local/vagrant_synced_folder_vagrantfile_breakout.rb"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/hashicorp-vagrant-synced-folder-vagrantfile-breakout"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "HashiCorp Vagrant has code injection vulnerability through default synced folders"
}
GHSA-HVF8-H2QH-37M9
Vulnerability from github – Published: 2021-01-28 19:11 – Updated: 2025-05-27 15:20Impact
IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.
If your app does ANY of the following, then it is impacted by this issue:
- Uses remote
- Calls webContents.sendToFrame
- Calls event.reply in an IPC message handler
Patches
This has been fixed in the following versions:
- 9.4.0
- 10.2.0
- 11.1.0
- 12.0.0-beta.9
Workarounds
There are no workarounds for this issue.
For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26272"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-01-28T19:11:05Z",
"nvd_published_at": "2021-01-28T19:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nIPC messages sent from the main process to a subframe in the renderer process, through `webContents.sendToFrame`, `event.reply` or when using the `remote` module, can in some cases be delivered to the wrong frame.\n\nIf your app does ANY of the following, then it is impacted by this issue:\n- Uses `remote`\n- Calls `webContents.sendToFrame`\n- Calls `event.reply` in an IPC message handler\n\n### Patches\nThis has been fixed in the following versions:\n\n- 9.4.0\n- 10.2.0\n- 11.1.0\n- 12.0.0-beta.9\n\n### Workarounds\nThere are no workarounds for this issue.\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).",
"id": "GHSA-hvf8-h2qh-37m9",
"modified": "2025-05-27T15:20:19Z",
"published": "2021-01-28T19:11:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26272"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/pull/26875"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"
},
{
"type": "WEB",
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"type": "WEB",
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "IPC messages delivered to the wrong frame in Electron"
}
GHSA-HVGW-R2WX-XWH4
Vulnerability from github – Published: 2023-03-14 18:30 – Updated: 2023-03-14 18:30Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-24906"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-14T17:15:00Z",
"severity": "MODERATE"
},
"details": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability",
"id": "GHSA-hvgw-r2wx-xwh4",
"modified": "2023-03-14T18:30:21Z",
"published": "2023-03-14T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24906"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HVJ5-X43R-QG3F
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
{
"affected": [],
"aliases": [
"CVE-2018-7846"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-22T20:29:00Z",
"severity": "CRITICAL"
},
"details": "A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.",
"id": "GHSA-hvj5-x43r-qg3f",
"modified": "2022-05-24T16:46:13Z",
"published": "2022-05-24T16:46:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7846"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HVJM-QMP9-PW7F
Vulnerability from github – Published: 2022-03-24 00:00 – Updated: 2022-04-02 00:00GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.
{
"affected": [],
"aliases": [
"CVE-2021-27424"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-23T20:15:00Z",
"severity": "MODERATE"
},
"details": "GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a \u201cLast-key pressed\u201d MODBUS register can be used to gain unauthorized information.",
"id": "GHSA-hvjm-qmp9-pw7f",
"modified": "2022-04-02T00:00:32Z",
"published": "2022-03-24T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27424"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
},
{
"type": "WEB",
"url": "https://www.gegridsolutions.com/Passport/Login.aspx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HW3V-VXGM-36RP
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-09 00:30The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory..
{
"affected": [],
"aliases": [
"CVE-2023-23501"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "MODERATE"
},
"details": "The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory..",
"id": "GHSA-hw3v-vxgm-36rp",
"modified": "2023-03-09T00:30:18Z",
"published": "2023-02-27T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23501"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213605"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HWQR-F3V9-HWXR
Vulnerability from github – Published: 2022-07-15 21:56 – Updated: 2026-02-03 17:37Versions of distributed earlier than 2021.10.0 had a potential security vulnerability relating to single-machine Dask clusters.
Clusters started with dask.distributed.LocalCluster or dask.distributed.Client() (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method AND running on a machine that has these ports exposed could be used by a sophisticated attacker to enable remote code execution. Users running on machines with standard firewalls in place, or using clusters created via cluster objects other than LocalCluster (e.g. dask_kubernetes.KubeCluster) should not be affected. This vulnerability is documented in CVE-2021-42343, and was fixed in version 2021.10.0 (PR #5427).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "distributed"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-42343"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-15T21:56:08Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Versions of `distributed` earlier than `2021.10.0` had a potential security vulnerability relating to single-machine Dask clusters.\n\nClusters started with `dask.distributed.LocalCluster` or `dask.distributed.Client()` (which defaults to using `LocalCluster`) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on `localhost`. A Dask cluster created using this method AND running on a machine that has these ports exposed could be used by a sophisticated attacker to enable remote code execution. Users running on machines with standard firewalls in place, or using clusters created via cluster objects other than `LocalCluster` (e.g. `dask_kubernetes.KubeCluster`) should not be affected. This vulnerability is documented in CVE-2021-42343, and was fixed in version `2021.10.0` (PR #5427).",
"id": "GHSA-hwqr-f3v9-hwxr",
"modified": "2026-02-03T17:37:34Z",
"published": "2022-07-15T21:56:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42343"
},
{
"type": "WEB",
"url": "https://github.com/dask/distributed/pull/5427"
},
{
"type": "WEB",
"url": "https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b"
},
{
"type": "WEB",
"url": "https://docs.dask.org/en/latest/changelog.html"
},
{
"type": "WEB",
"url": "https://github.com/dask/dask/tags"
},
{
"type": "PACKAGE",
"url": "https://github.com/dask/distributed"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Workers for local Dask clusters mistakenly listened on public interfaces"
}
GHSA-HX75-3JR9-944M
Vulnerability from github – Published: 2022-11-30 15:30 – Updated: 2026-02-23 09:31Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2022-1911"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-30T15:15:00Z",
"severity": "MODERATE"
},
"details": "Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.",
"id": "GHSA-hx75-3jr9-944m",
"modified": "2026-02-23T09:31:17Z",
"published": "2022-11-30T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1911"
},
{
"type": "WEB",
"url": "https://empower.m-files.com/security-advisories/CVE-2022-1911"
},
{
"type": "WEB",
"url": "https://product.m-files.com/security-advisories/cve-2022-1911"
},
{
"type": "WEB",
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2022-1911"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.