Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-QPVG-XQX2-4327

Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-24 00:00
VLAI
Details

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.",
  "id": "GHSA-qpvg-xqx2-4327",
  "modified": "2022-06-24T00:00:32Z",
  "published": "2022-06-15T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31847"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN579%20X3__Sensitive%20information%20leakage.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPWJ-FCQ8-GVWH

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-12T03:29:00Z",
    "severity": "MODERATE"
  },
  "details": "EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.",
  "id": "GHSA-qpwj-fcq8-gvwh",
  "modified": "2022-05-13T01:03:34Z",
  "published": "2022-05-13T01:03:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6880"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md"
    },
    {
      "type": "WEB",
      "url": "https://kongxin.gitbook.io/empirecms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ2W-VPGQ-JP7X

Vulnerability from github – Published: 2022-02-26 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-25T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.",
  "id": "GHSA-qq2w-vpgq-jp7x",
  "modified": "2023-08-08T15:31:44Z",
  "published": "2022-02-26T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24336"
    },
    {
      "type": "WEB",
      "url": "https://blog.jetbrains.com"
    },
    {
      "type": "WEB",
      "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ5J-V6JH-6XGC

Vulnerability from github – Published: 2022-09-09 00:00 – Updated: 2022-09-15 00:00
VLAI
Details

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-08T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL.",
  "id": "GHSA-qq5j-v6jh-6xgc",
  "modified": "2022-09-15T00:00:20Z",
  "published": "2022-09-09T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38400"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
    },
    {
      "type": "WEB",
      "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
    },
    {
      "type": "WEB",
      "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQQ7-4HXC-X63C

Vulnerability from github – Published: 2026-04-09 17:32 – Updated: 2026-05-06 20:04
VLAI
Summary
OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration
Details

Impact

Shared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration.

A crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media.

OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <=2026.4.4
  • Patched versions: 2026.4.8

Fix

The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.

Verification

The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.

Credits

Thanks @threalwinky for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-09T17:32:58Z",
    "nvd_published_at": "2026-04-28T19:37:46Z",
    "severity": "MODERATE"
  },
  "details": "## Impact\n\nShared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration.\n\nA crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c=2026.4.4`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @threalwinky for reporting.",
  "id": "GHSA-qqq7-4hxc-x63c",
  "modified": "2026-05-06T20:04:11Z",
  "published": "2026-04-09T17:32:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42424"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-local-file-exfiltration-via-shared-reply-media-paths"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration"
}

GHSA-QRCX-R22R-R6XM

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-01T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.",
  "id": "GHSA-qrcx-r22r-r6xm",
  "modified": "2022-05-24T17:18:56Z",
  "published": "2022-05-24T17:18:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9291"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-20-040"
    },
    {
      "type": "WEB",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-040"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QRG9-F472-QWFM

Vulnerability from github – Published: 2021-06-28 16:55 – Updated: 2021-06-24 19:46
VLAI
Summary
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Details

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.

  • https://vaadin.com/security/cve-2021-31412
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.0.18"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.0.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 14.0.0"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "14.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 19.0.8"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0"
            },
            {
              "fixed": "19.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-31412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1295",
      "CWE-20",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-24T19:46:19Z",
    "nvd_published_at": "2021-06-24T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper sanitization of path in default `RouteNotFoundError` view in `com.vaadin:flow-server` versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for `NotFoundException` is provided.\n\n- https://vaadin.com/security/cve-2021-31412",
  "id": "GHSA-qrg9-f472-qwfm",
  "modified": "2021-06-24T19:46:19Z",
  "published": "2021-06-28T16:55:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/platform/security/advisories/GHSA-qrg9-f472-qwfm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31412"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/flow/pull/11107"
    },
    {
      "type": "WEB",
      "url": "https://vaadin.com/security/cve-2021-31412"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19"
}

GHSA-QRGF-2V3C-GV8M

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:01
VLAI
Details

In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "LOW"
  },
  "details": "In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134",
  "id": "GHSA-qrgf-2v3c-gv8m",
  "modified": "2022-07-13T00:01:00Z",
  "published": "2021-12-16T00:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0994"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV29-RJWJ-JJRM

Vulnerability from github – Published: 2023-01-01 06:30 – Updated: 2023-01-09 15:30
VLAI
Details

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-01T06:15:00Z",
    "severity": "LOW"
  },
  "details": "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.",
  "id": "GHSA-qv29-rjwj-jjrm",
  "modified": "2023-01-09T15:30:23Z",
  "published": "2023-01-01T06:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47952"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV68-C8R2-QJC7

Vulnerability from github – Published: 2022-10-12 12:00 – Updated: 2025-01-03 00:31
VLAI
Details

Windows Mixed Reality Developer Tools Information Disclosure Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-11T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows Mixed Reality Developer Tools Information Disclosure Vulnerability.",
  "id": "GHSA-qv68-c8r2-qjc7",
  "modified": "2025-01-03T00:31:05Z",
  "published": "2022-10-12T12:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37974"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37974"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37974"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.