Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-XH52-RG2R-X4M5

Vulnerability from github – Published: 2022-08-20 00:00 – Updated: 2022-08-25 00:00
VLAI
Details

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-19T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Emerson Electric\u0027s Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.",
  "id": "GHSA-xh52-rg2r-x4m5",
  "modified": "2022-08-25T00:00:26Z",
  "published": "2022-08-20T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2792"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHF8-M475-367R

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-11-06 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix kernel warning when sending SYN message

When sending a SYN message, this kernel stack trace is observed:

... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] [ 13.398630] ? __alloc_skb+0xed/0x1a0 [ 13.398630] tipc_msg_build+0x12c/0x670 [tipc] [ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290 [ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc] [ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __local_bh_enable_ip+0x37/0x80 [ 13.398630] tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __sys_connect+0x9f/0xd0 [ 13.398630] __sys_connect+0x9f/0xd0 [ 13.398630] ? preempt_count_add+0x4d/0xa0 [ 13.398630] ? fpregs_assert_state_consistent+0x22/0x50 [ 13.398630] __x64_sys_connect+0x16/0x20 [ 13.398630] do_syscall_64+0x42/0x90 [ 13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd

It is because commit a41dad905e5a ("iov_iter: saner checks for attempt to copy to/from iterator") has introduced sanity check for copying from/to iov iterator. Lacking of copy direction from the iterator viewpoint would lead to kernel stack trace like above.

This commit fixes this issue by initializing the iov iterator with the correct copy direction when sending SYN or ACK without data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel warning when sending SYN message\n\nWhen sending a SYN message, this kernel stack trace is observed:\n\n...\n[   13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550\n...\n[   13.398494] Call Trace:\n[   13.398630]  \u003cTASK\u003e\n[   13.398630]  ? __alloc_skb+0xed/0x1a0\n[   13.398630]  tipc_msg_build+0x12c/0x670 [tipc]\n[   13.398630]  ? shmem_add_to_page_cache.isra.71+0x151/0x290\n[   13.398630]  __tipc_sendmsg+0x2d1/0x710 [tipc]\n[   13.398630]  ? tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __local_bh_enable_ip+0x37/0x80\n[   13.398630]  tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __sys_connect+0x9f/0xd0\n[   13.398630]  __sys_connect+0x9f/0xd0\n[   13.398630]  ? preempt_count_add+0x4d/0xa0\n[   13.398630]  ? fpregs_assert_state_consistent+0x22/0x50\n[   13.398630]  __x64_sys_connect+0x16/0x20\n[   13.398630]  do_syscall_64+0x42/0x90\n[   13.398630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIt is because commit a41dad905e5a (\"iov_iter: saner checks for attempt\nto copy to/from iterator\") has introduced sanity check for copying\nfrom/to iov iterator. Lacking of copy direction from the iterator\nviewpoint would lead to kernel stack trace like above.\n\nThis commit fixes this issue by initializing the iov iterator with\nthe correct copy direction when sending SYN or ACK without data.",
  "id": "GHSA-xhf8-m475-367r",
  "modified": "2024-11-06T18:31:04Z",
  "published": "2024-05-21T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52700"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHG7-3M9V-PJFP

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-07-13 00:00
VLAI
Details

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-24T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.",
  "id": "GHSA-xhg7-3m9v-pjfp",
  "modified": "2022-07-13T00:00:52Z",
  "published": "2022-05-24T17:09:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/totaljs/cms/commit/2a26c4c6a61d3fda4527a761716ef7e1c5f7c970"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saddean/research/blob/master/totaljs/Broken-acces-control.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHH9-3G8R-QGCP

Vulnerability from github – Published: 2021-12-07 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-06T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.",
  "id": "GHSA-xhh9-3g8r-qgcp",
  "modified": "2022-07-13T00:01:43Z",
  "published": "2021-12-07T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43043"
    },
    {
      "type": "WEB",
      "url": "https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961"
    },
    {
      "type": "WEB",
      "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
    },
    {
      "type": "WEB",
      "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP6H-V5W9-GWQX

Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2025-11-12 09:30
VLAI
Details

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-12T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions \u003c V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions \u003c V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.",
  "id": "GHSA-xp6h-v5w9-gwqx",
  "modified": "2025-11-12T09:30:26Z",
  "published": "2022-07-13T00:01:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34464"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-225578.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XPCW-3W24-57XC

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-07-13 00:01
VLAI
Details

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30709"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.",
  "id": "GHSA-xpcw-3w24-57xc",
  "modified": "2022-07-13T00:01:24Z",
  "published": "2022-05-24T19:13:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30709"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212528"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212530"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212531"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XPFF-GFQX-47WG

Vulnerability from github – Published: 2022-04-28 00:00 – Updated: 2022-05-06 00:01
VLAI
Details

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-27T03:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).",
  "id": "GHSA-xpff-gfqx-47wg",
  "modified": "2022-05-06T00:01:10Z",
  "published": "2022-04-28T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27332"
    },
    {
      "type": "WEB",
      "url": "https://zammad.com/en/advisories/zaa-2022-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQCG-XX67-M64Q

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2023-08-08 15:31
VLAI
Details

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "MODERATE"
  },
  "details": "In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.",
  "id": "GHSA-xqcg-xx67-m64q",
  "modified": "2023-08-08T15:31:31Z",
  "published": "2022-01-11T00:01:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42748"
    },
    {
      "type": "WEB",
      "url": "https://docs.wpbeaverbuilder.com/beaver-builder/developer/conditionally-hidden-content"
    },
    {
      "type": "WEB",
      "url": "https://tekfused.com/tek/vulnerability-research/beaver-builder-vulnerabilities-visibility-conditional-logic-cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQX2-4RW6-WJ6P

Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00
VLAI
Details

Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-12T14:15:00Z",
    "severity": "LOW"
  },
  "details": "Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.",
  "id": "GHSA-xqx2-4rw6-wj6p",
  "modified": "2022-07-17T00:00:45Z",
  "published": "2022-07-13T00:01:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33698"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XR5Q-JXHC-42XJ

Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-07-13 00:01
VLAI
Details

OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-22T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person\u0027s name.",
  "id": "GHSA-xr5q-jxhc-42xj",
  "modified": "2022-07-13T00:01:35Z",
  "published": "2022-05-24T19:21:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38378"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/Nov/43"
    },
    {
      "type": "WEB",
      "url": "https://www.open-xchange.com"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.