Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-X3V8-G92V-WP97

Vulnerability from github – Published: 2021-12-16 00:02 – Updated: 2023-08-08 15:31
VLAI
Details

Visual Basic for Applications Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Visual Basic for Applications Information Disclosure Vulnerability",
  "id": "GHSA-x3v8-g92v-wp97",
  "modified": "2023-08-08T15:31:24Z",
  "published": "2021-12-16T00:02:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42295"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42295"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X444-P8VV-928W

Vulnerability from github – Published: 2023-02-27 15:30 – Updated: 2023-03-09 15:30
VLAI
Details

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27265"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the \"Regenerate Invite Id\" API endpoint, allowing an attacker with team admin privileges to learn the team owner\u0027s email address in the response.",
  "id": "GHSA-x444-p8vv-928w",
  "modified": "2023-03-09T15:30:50Z",
  "published": "2023-02-27T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27265"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X446-3XHQ-5XFP

Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-26 13:03
VLAI
Summary
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Details

SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "Simple-Wayland-HotKey-Daemon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-27814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-26T13:03:51Z",
    "nvd_published_at": "2022-04-14T17:15:00Z",
    "severity": "LOW"
  },
  "details": "SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.",
  "id": "GHSA-x446-3xhq-5xfp",
  "modified": "2022-04-26T13:03:51Z",
  "published": "2022-04-15T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27814"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/waycrate/swhkd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/waycrate/swhkd/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/waycrate/swhkd/releases/tag/1.2.0"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/04/14/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon"
}

GHSA-X4H7-RG57-2FQW

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-18972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-25T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via \u0027IsNextToken\u0027 in the component \u0027src/base/PdfToenizer.cpp\u0027.",
  "id": "GHSA-x4h7-rg57-2fqw",
  "modified": "2022-05-24T19:12:12Z",
  "published": "2022-05-24T19:12:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18972"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/podofo/tickets/49"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X4MX-M5P4-FMG7

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.",
  "id": "GHSA-x4mx-m5p4-fmg7",
  "modified": "2022-05-13T01:36:23Z",
  "published": "2022-05-13T01:36:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6872"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99473"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4W5-R546-X9QH

Vulnerability from github – Published: 2019-10-11 18:40 – Updated: 2022-01-04 19:51
VLAI
Summary
Arbitrary File Read in html-pdf
Details

All versions of html-pdf are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as request.open("GET","file:///etc/passwd") will result in a PDF document with the contents of /etc/passwd.

Recommendation

No fix is currently available. There is a mitigation available in the provided reference.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "html-pdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-15138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668",
      "CWE-73",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-25T12:39:43Z",
    "nvd_published_at": "2019-09-20T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "All versions of `html-pdf` are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as `request.open(\"GET\",\"file:///etc/passwd\")` will result in a PDF document with the contents of `/etc/passwd`.\n\n\n## Recommendation\n\nNo fix is currently available. There is a mitigation available in the provided reference.",
  "id": "GHSA-x4w5-r546-x9qh",
  "modified": "2022-01-04T19:51:51Z",
  "published": "2019-10-11T18:40:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15138"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/issues/530"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/issues/530#issuecomment-535045123"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/commit/c12d6977778014139183c9f8da7579fd7ac65362"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcbachmann/node-html-pdf/releases/tag/v3.0.1"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191017-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1095"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary File Read in html-pdf"
}

GHSA-X53G-GCP2-FP24

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-07-13 00:01
VLAI
Details

Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-28T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.",
  "id": "GHSA-x53g-gcp2-fp24",
  "modified": "2022-07-13T00:01:28Z",
  "published": "2022-05-24T19:06:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35302"
    },
    {
      "type": "WEB",
      "url": "https://zammad.com/en/advisories/zaa-2021-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X66F-CJPX-7PQ8

Vulnerability from github – Published: 2023-08-03 03:30 – Updated: 2024-04-04 06:30
VLAI
Details

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T01:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.",
  "id": "GHSA-x66f-cjpx-7pq8",
  "modified": "2024-04-04T06:30:08Z",
  "published": "2023-08-03T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33368"
    },
    {
      "type": "WEB",
      "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33368"
    },
    {
      "type": "WEB",
      "url": "https://www.controlid.com.br/en/access-control/idsecure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6FR-Q2Q3-7FQ4

Vulnerability from github – Published: 2022-02-09 00:00 – Updated: 2022-10-06 00:00
VLAI
Details

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-08T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.",
  "id": "GHSA-x6fr-q2q3-7fq4",
  "modified": "2022-10-06T00:00:58Z",
  "published": "2022-02-09T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23331"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dataease/dataease/issues/1618"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6HG-QH4Q-23X7

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-07-13 00:01
VLAI
Details

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passowrds of other users in the Windows AD enviornemnt when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-16T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passowrds of other users in the Windows AD enviornemnt when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.",
  "id": "GHSA-x6hg-qh4q-23x7",
  "modified": "2022-07-13T00:01:04Z",
  "published": "2022-05-24T19:05:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20488"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6464081"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.