Common Weakness Enumeration

CWE-669

Allowed-with-Review

Incorrect Resource Transfer Between Spheres

Abstraction: Class · Status: Draft

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

144 vulnerabilities reference this CWE, most recent first.

GHSA-PHP9-88RP-7QWR

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-12T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.",
  "id": "GHSA-php9-88rp-7qwr",
  "modified": "2022-05-24T17:42:02Z",
  "published": "2022-05-24T17:42:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20411"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196191"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6414777"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PMXF-4V8C-RWR7

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2022-06-28 14:10
VLAI
Summary
Incorrect Resource Transfer Between Spheres in Grails
Details

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.grails:grails-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-12728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494",
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-28T14:10:27Z",
    "nvd_published_at": "2019-06-04T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users\u0027 apps were not resolving dependencies over cleartext HTTP.",
  "id": "GHSA-pmxf-4v8c-rwr7",
  "modified": "2022-06-28T14:10:27Z",
  "published": "2022-05-24T16:47:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12728"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grails/grails-core/issues/11250"
    },
    {
      "type": "WEB",
      "url": "https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incorrect Resource Transfer Between Spheres in Grails"
}

GHSA-Q42F-8H4Q-G7MM

Vulnerability from github – Published: 2026-04-16 09:31 – Updated: 2026-04-16 09:31
VLAI
Details

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T07:16:30Z",
    "severity": "MODERATE"
  },
  "details": "In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.",
  "id": "GHSA-q42f-8h4q-g7mm",
  "modified": "2026-04-16T09:31:44Z",
  "published": "2026-04-16T09:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41030"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q539-3F98-VMMM

Vulnerability from github – Published: 2023-06-07 21:30 – Updated: 2024-04-04 04:39
VLAI
Details

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-07T21:15:13Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.",
  "id": "GHSA-q539-3f98-vmmm",
  "modified": "2024-04-04T04:39:56Z",
  "published": "2023-06-07T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31115"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q963-V9W4-PQP9

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-10-25 19:00
VLAI
Details

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-23T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page",
  "id": "GHSA-q963-v9w4-pqp9",
  "modified": "2022-10-25T19:00:24Z",
  "published": "2022-05-24T19:11:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24602"
    },
    {
      "type": "WEB",
      "url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPPP-W788-JHGH

Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51
VLAI
Details

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-29T10:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.",
  "id": "GHSA-qppp-w788-jhgh",
  "modified": "2022-05-17T02:51:04Z",
  "published": "2022-05-17T02:51:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5062"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/706359"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93208"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2C6-8JC8-G32W

Vulnerability from github – Published: 2026-02-02 00:30 – Updated: 2026-02-02 20:42
VLAI
Summary
Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-g8p2-7wf7-98mq. This link is maintained to preserve external references.

Original Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "clawdbot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-02T20:42:52Z",
    "nvd_published_at": "2026-02-01T23:15:49Z",
    "severity": "HIGH"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-g8p2-7wf7-98mq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.",
  "id": "GHSA-r2c6-8jc8-g32w",
  "modified": "2026-02-02T20:42:52Z",
  "published": "2026-02-02T00:30:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25253"
    },
    {
      "type": "WEB",
      "url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"
    },
    {
      "type": "WEB",
      "url": "https://openclaw.ai/blog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl",
  "withdrawn": "2026-02-02T20:42:52Z"
}

GHSA-R2FH-QM7G-X68J

Vulnerability from github – Published: 2022-06-03 00:00 – Updated: 2022-06-14 00:00
VLAI
Details

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 \u0026 EER21001 (V4.5 and prior)",
  "id": "GHSA-r2fh-qm7g-x68j",
  "modified": "2022-06-14T00:00:30Z",
  "published": "2022-06-03T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30236"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2022-130-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3Q7-7PWQ-HQQ8

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-22T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.",
  "id": "GHSA-r3q7-7pwq-hqq8",
  "modified": "2022-05-24T17:37:03Z",
  "published": "2022-05-24T17:37:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24683"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RPRM-6MG6-R8FM

Vulnerability from github – Published: 2026-05-07 03:31 – Updated: 2026-05-07 03:31
VLAI
Details

Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-07T03:16:07Z",
    "severity": "LOW"
  },
  "details": "Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.",
  "id": "GHSA-rprm-6mg6-r8fm",
  "modified": "2026-05-07T03:31:21Z",
  "published": "2026-05-07T03:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44599"
    },
    {
      "type": "WEB",
      "url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/50f90ba849088247734786922855c22661c6fa03"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41243"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.