Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-VXJX-P5M9-Q5FR

Vulnerability from github – Published: 2021-11-25 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

Azure Active Directory Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42306"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-24T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Azure Active Directory Information Disclosure Vulnerability",
  "id": "GHSA-vxjx-p5m9-q5fr",
  "modified": "2022-07-13T00:01:42Z",
  "published": "2021-11-25T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42306"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42306"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXMC-QG5X-PVFX

Vulnerability from github – Published: 2022-12-14 21:30 – Updated: 2025-04-21 22:51
VLAI
Summary
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
Details

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "fixpunkt/fp-newsletter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "fixpunkt/fp-newsletter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "fixpunkt/fp-newsletter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-47410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-21T22:51:49Z",
    "nvd_published_at": "2022-12-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.",
  "id": "GHSA-vxmc-qg5x-pvfx",
  "modified": "2025-04-21T22:51:49Z",
  "published": "2022-12-14T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47410"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bihor/fp_newsletter"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": " \"Newsletter subscriber management\" (fp_newsletter) TYPO3 extension leaks subscriber data"
}

GHSA-VXMX-VJ5X-4642

Vulnerability from github – Published: 2022-07-18 00:00 – Updated: 2022-07-19 00:00
VLAI
Details

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-17T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.",
  "id": "GHSA-vxmx-vj5x-4642",
  "modified": "2022-07-19T00:00:28Z",
  "published": "2022-07-18T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25357"
    },
    {
      "type": "WEB",
      "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-25357"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXP2-RM45-4PJG

Vulnerability from github – Published: 2021-11-17 19:13 – Updated: 2022-05-12 00:01
VLAI
Details

PSP protection against improperly configured side channels may lead to potential information disclosure. This issue affects: AMD 1st Gen AMD EPYC™ versions prior to NaplesPI-SP3_1.0.0.G. AMD 2nd Gen AMD EPYC™ versions prior to RomePI-SP3_1.0.0.C. AMD 3rd Gen AMD EPYC™ versions prior to MilanPI-SP3_1.0.0.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-16T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "PSP protection against improperly configured side channels may lead to potential information disclosure. This issue affects: AMD 1st Gen AMD EPYC\u2122 versions prior to NaplesPI-SP3_1.0.0.G. AMD 2nd Gen AMD EPYC\u2122 versions prior to RomePI-SP3_1.0.0.C. AMD 3rd Gen AMD EPYC\u2122 versions prior to MilanPI-SP3_1.0.0.4.",
  "id": "GHSA-vxp2-rm45-4pjg",
  "modified": "2022-05-12T00:01:44Z",
  "published": "2021-11-17T19:13:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26312"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W23Q-4HW3-2PP6

Vulnerability from github – Published: 2023-09-06 18:43 – Updated: 2023-09-06 18:43
VLAI
Summary
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
Details

Impact

All users on Windows are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to PutObject in a specific bucket, can create an admin user.

Patches

There are two patches that fix this problem comprehensively

commit b3c54ec81e0a06392abfb3a1ffcdc80c6fbf6ebc
Author: Harshavardhana <harsha@minio.io>
Date:   Mon Mar 20 13:16:00 2023 -0700

    reject object names with '\' on windows (#16856)
commit 8d6558b23649f613414c8527b58973fbdfa4d1b8
Author: Harshavardhana <harsha@minio.io>
Date:   Mon Mar 20 00:35:25 2023 -0700

    fix: convert '\' to '/' on windows (#16852)

Workarounds

There are no known workarounds

References

The vulnerable code:

// minio/cmd/generic-handlers.go
// Check if the incoming path has bad path components,
// such as ".." and "."
// SlashSeparator -> /
// dotdotComponent -> ..
// dotComponent -> .
func hasBadPathComponent(path string) bool {
  path = strings.TrimSpace(path)
  for _, p := range strings.Split(path, SlashSeparator) {
    switch strings.TrimSpace(p) {
    case dotdotComponent:
      return true
    case dotComponent:
      return true
    }
  }
  return false
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/minio/minio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-202303200735"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-06T18:43:13Z",
    "nvd_published_at": "2023-03-22T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAll users on Windows are impacted. MinIO fails to filter the `\\` character, which allows for arbitrary object placement across\nbuckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user.\n\n### Patches\nThere are two patches that fix this problem comprehensively\n\n```\ncommit b3c54ec81e0a06392abfb3a1ffcdc80c6fbf6ebc\nAuthor: Harshavardhana \u003charsha@minio.io\u003e\nDate:   Mon Mar 20 13:16:00 2023 -0700\n\n    reject object names with \u0027\\\u0027 on windows (#16856)\n```\n\n```\ncommit 8d6558b23649f613414c8527b58973fbdfa4d1b8\nAuthor: Harshavardhana \u003charsha@minio.io\u003e\nDate:   Mon Mar 20 00:35:25 2023 -0700\n\n    fix: convert \u0027\\\u0027 to \u0027/\u0027 on windows (#16852)\n```\n\n### Workarounds\nThere are no known workarounds\n\n### References\nThe vulnerable code:\n```go\n// minio/cmd/generic-handlers.go\n// Check if the incoming path has bad path components,\n// such as \"..\" and \".\"\n// SlashSeparator -\u003e /\n// dotdotComponent -\u003e ..\n// dotComponent -\u003e .\nfunc hasBadPathComponent(path string) bool {\n  path = strings.TrimSpace(path)\n  for _, p := range strings.Split(path, SlashSeparator) {\n    switch strings.TrimSpace(p) {\n    case dotdotComponent:\n      return true\n    case dotComponent:\n      return true\n    }\n  }\n  return false\n}\n```\n",
  "id": "GHSA-w23q-4hw3-2pp6",
  "modified": "2023-09-06T18:43:13Z",
  "published": "2023-09-06T18:43:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/minio/minio/security/advisories/GHSA-w23q-4hw3-2pp6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28433"
    },
    {
      "type": "WEB",
      "url": "https://github.com/minio/minio/commit/8d6558b23649f613414c8527b58973fbdfa4d1b8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/minio/minio/commit/b3c54ec81e0a06392abfb3a1ffcdc80c6fbf6ebc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/minio/minio"
    },
    {
      "type": "WEB",
      "url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation"
}

GHSA-W2FX-FP33-FVMP

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-07-13 00:01
VLAI
Details

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-15T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.",
  "id": "GHSA-w2fx-fp33-fvmp",
  "modified": "2022-07-13T00:01:04Z",
  "published": "2022-05-24T19:08:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20500"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197980"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6471895"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2GJ-35CX-6H66

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-674"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.",
  "id": "GHSA-w2gj-35cx-6h66",
  "modified": "2022-05-24T19:19:09Z",
  "published": "2022-05-24T19:19:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22454"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2RF-V2FH-5MJH

Vulnerability from github – Published: 2023-06-07 18:30 – Updated: 2024-04-04 04:39
VLAI
Details

An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-201",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-07T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.",
  "id": "GHSA-w2rf-v2fh-5mjh",
  "modified": "2024-04-04T04:39:31Z",
  "published": "2023-06-07T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1825"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/384035"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2V4-MPJ8-9X8M

Vulnerability from github – Published: 2022-04-21 01:50 – Updated: 2022-04-21 01:50
VLAI
Details

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-2544"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-27T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.",
  "id": "GHSA-w2v4-mpj8-9x8m",
  "modified": "2022-04-21T01:50:56Z",
  "published": "2022-04-21T01:50:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2544"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=213135"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W2XC-2255-85HM

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-07-13 00:00
VLAI
Details

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-01T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.",
  "id": "GHSA-w2xc-2255-85hm",
  "modified": "2022-07-13T00:00:51Z",
  "published": "2022-05-24T17:13:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3917"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211101"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211102"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.