Common Weakness Enumeration

CWE-749

Allowed

Exposed Dangerous Method or Function

Abstraction: Base · Status: Incomplete

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

304 vulnerabilities reference this CWE, most recent first.

GHSA-88CV-G9GQ-H6PQ

Vulnerability from github – Published: 2025-12-04 21:31 – Updated: 2025-12-04 21:31
VLAI
Details

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749",
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-04T19:16:04Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user\u0027s browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.",
  "id": "GHSA-88cv-g9gq-h6pq",
  "modified": "2025-12-04T21:31:04Z",
  "published": "2025-12-04T21:31:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59788"
    },
    {
      "type": "WEB",
      "url": "https://nextcloud.com"
    },
    {
      "type": "WEB",
      "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88JQ-MX6C-FWFM

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of DOC files. The issue results from the lack of proper restrictions on macro-enabled documents. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19739.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T02:15:14Z",
    "severity": "HIGH"
  },
  "details": "Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DOC files. The issue results from the lack of proper restrictions on macro-enabled documents. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19739.",
  "id": "GHSA-88jq-mx6c-fwfm",
  "modified": "2024-05-03T03:30:49Z",
  "published": "2024-05-03T03:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27365"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-493"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JFC-9MV9-FVF7

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the copyContent command. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19945.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the copyContent command. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19945.",
  "id": "GHSA-8jfc-9mv9-fvf7",
  "modified": "2024-05-03T03:30:58Z",
  "published": "2024-05-03T03:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40501"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1217"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MV3-37RC-PVXJ

Vulnerability from github – Published: 2025-01-14 15:42 – Updated: 2025-05-21 14:15
VLAI
Summary
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery
Details

Problem

A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.

Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:

  • the user opens a malicious link, such as one sent via email.
  • the user visits a compromised or manipulated website while the following settings are misconfigured:
  • security.backend.enforceReferrer feature is disabled,
  • BE/cookieSameSite configuration is set to lax or none

The vulnerability in the affected downstream component “DB Check Module” allows attackers to manipulate data through unauthorized actions.

Solution

Update to TYPO3 versions 11.5.42 ELTS that fixes the problem described.

Credits

Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.5.41"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-lowlevel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.42"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-55945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352",
      "CWE-749"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-14T15:42:50Z",
    "nvd_published_at": "2025-01-14T20:15:30Z",
    "severity": "MODERATE"
  },
  "details": "### Problem\nA vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.\n\nSuccessful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:\n\n* the user opens a malicious link, such as one sent via email.\n* the user visits a compromised or manipulated website while the following settings are misconfigured:\n  + `security.backend.enforceReferrer` feature is disabled,\n  + `BE/cookieSameSite` configuration is set to `lax` or `none`\n\nThe vulnerability in the affected downstream component \u201cDB Check Module\u201d allows attackers to manipulate data through unauthorized actions.\n\n### Solution\nUpdate to TYPO3 versions 11.5.42 ELTS that fixes the problem described.\n\n### Credits\nThanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias H\u00e4u\u00dfler who fixed the issue.",
  "id": "GHSA-8mv3-37rc-pvxj",
  "modified": "2025-05-21T14:15:53Z",
  "published": "2025-01-14T15:42:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8mv3-37rc-pvxj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55945"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TYPO3-CMS/lowlevel"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery"
}

GHSA-92CG-GHQ6-9587

Vulnerability from github – Published: 2023-12-12 03:31 – Updated: 2024-09-30 18:52
VLAI
Summary
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-m8rw-rcpq-2vp2. This link is maintained to preserve external references.

Original Description

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sap/cloud-security-client-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-639",
      "CWE-749"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-15T03:39:45Z",
    "nvd_published_at": "2023-12-12T03:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m8rw-rcpq-2vp2. This link is maintained to preserve external references.\n\n## Original Description\nSAP\u00a0BTP\u00a0Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions \u003c 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\n\n",
  "id": "GHSA-92cg-ghq6-9587",
  "modified": "2024-09-30T18:52:24Z",
  "published": "2023-12-12T03:31:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50424"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAP/cloud-security-client-go/commit/2e3bd63e152e09f267316a1071034eb5d4b7f498"
    },
    {
      "type": "WEB",
      "url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SAP/cloud-security-client-go"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3411067"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/github.com/sap/cloud-security-client-go@v0.17.0"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go",
  "withdrawn": "2024-09-30T18:52:24Z"
}

GHSA-98WF-PJ2G-84XF

Vulnerability from github – Published: 2025-12-24 00:30 – Updated: 2025-12-24 00:30
VLAI
Details

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27668.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-23T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27668.",
  "id": "GHSA-98wf-pj2g-84xf",
  "modified": "2025-12-24T00:30:15Z",
  "published": "2025-12-24T00:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14492"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9FFH-XXX5-C8PC

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the setShutdown method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22023.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:16:17Z",
    "severity": "HIGH"
  },
  "details": "Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the setShutdown method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22023.",
  "id": "GHSA-9ffh-xxx5-c8pc",
  "modified": "2024-05-03T03:31:07Z",
  "published": "2024-05-03T03:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51577"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1883"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H94-Q24V-4V27

Vulnerability from github – Published: 2026-03-05 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler.

This issue affects RustDesk Client: through 1.4.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30797"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T16:16:21Z",
    "severity": "CRITICAL"
  },
  "details": "Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler.\n\nThis issue affects RustDesk Client: through 1.4.5.",
  "id": "GHSA-9h94-q24v-4v27",
  "modified": "2026-03-25T18:31:37Z",
  "published": "2026-03-05T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30797"
    },
    {
      "type": "WEB",
      "url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
    },
    {
      "type": "WEB",
      "url": "https://rustdesk.com/docs/en/client"
    },
    {
      "type": "WEB",
      "url": "https://www.vulsec.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9HFW-W3F4-C4P8

Vulnerability from github – Published: 2026-06-04 06:30 – Updated: 2026-07-14 19:45
VLAI
Summary
OpenStack Mistral allows Arbitrary Remote Code Execution when the API is exposed
Details

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mistral"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "20.0.0"
            },
            {
              "fixed": "20.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mistral"
      },
      "versions": [
        "21.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mistral"
      },
      "versions": [
        "22.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-14T19:45:28Z",
    "nvd_published_at": "2026-06-04T04:17:12Z",
    "severity": "CRITICAL"
  },
  "details": "OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.",
  "id": "GHSA-9hfw-w3f4-c4p8",
  "modified": "2026-07-14T19:45:28Z",
  "published": "2026-06-04T06:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41283"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-41283"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484607"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/mistral"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/mistral/tags"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41283.json"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2026-020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/06/03/14"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/03/14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenStack Mistral allows Arbitrary Remote Code Execution when the API is exposed"
}

GHSA-9J4F-F249-Q5W8

Vulnerability from github – Published: 2024-09-06 21:37 – Updated: 2024-11-18 16:27
VLAI
Summary
Default installation of `synthetic-monitoring-agent` exposes sensitive information
Details

Impact

Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks.

Patches

Fixed version is v0.12.0

Users are advised to rotate the agent tokens.

After upgrading to version v0.12.0 or later, it's recommended that user's of distribution packages (e.g. Debian or RedHat and their derivatives) review the configuration stored in /etc/synthetic-monitoring/synthetic-monitoring-agent.conf, specifically the API_TOKEN variable which has been renamed to SM_AGENT_API_TOKEN.

Workarounds

With all previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter -listen-address, e.g. -listen-address localhost:4050.

References

The following changes have been made to address this issue:

For more information

If you have any questions or comments about this advisory: * You can use the Synthetic Monitoring Agent discussions. * Issues should be reported in the Synthetic Monitoring Agent issues. * Email us at security@grafana.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/synthetic-monitoring-agent/cmd/synthetic-monitoring-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/synthetic-monitoring-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-46156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-489",
      "CWE-749"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-06T21:37:02Z",
    "nvd_published_at": "2022-11-30T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nUsers running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks.\n\n### Patches\n\nFixed version is v0.12.0\n\nUsers are advised to rotate the agent tokens.\n\nAfter upgrading to version v0.12.0 or later, it\u0027s recommended that user\u0027s of distribution packages (e.g. Debian or RedHat and their derivatives) review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`.\n\n### Workarounds\n\nWith all previous versions, it\u0027s recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`.\n\n### References\n\nThe following changes have been made to address this issue:\n\n- [Disable debug endpoint by default](https://github.com/grafana/synthetic-monitoring-agent/pull/373)\n- [Allow retrieving the token from the environment](https://github.com/grafana/synthetic-monitoring-agent/pull/374)\n- [Default to listening on localhost](https://github.com/grafana/synthetic-monitoring-agent/pull/375)\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* You can use the [Synthetic Monitoring Agent discussions](https://github.com/grafana/synthetic-monitoring-agent/discussions).\n* Issues should be reported in the [Synthetic Monitoring Agent issues](https://github.com/grafana/synthetic-monitoring-agent/issues).\n* Email us at [security@grafana.com](mailto:security@grafana.com).\n",
  "id": "GHSA-9j4f-f249-q5w8",
  "modified": "2024-11-18T16:27:10Z",
  "published": "2024-09-06T21:37:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/grafana/synthetic-monitoring-agent/security/advisories/GHSA-9j4f-f249-q5w8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46156"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/373"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/374"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/375"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/synthetic-monitoring-agent/commit/d8dc7f9c1c641881cbcf0a09e178b90ebf0f0228"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/grafana/synthetic-monitoring-agent"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.12.0"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-1132"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Default installation of `synthetic-monitoring-agent` exposes sensitive information"
}

Mitigation
Architecture and Design

If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

  • Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
  • Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
  • accessible to all users
  • restricted to a small set of privileged users
  • prevented from being directly accessible at all
CAPEC-500: WebView Injection

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.