CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-FPV6-F8JW-RC3R
Vulnerability from github – Published: 2021-09-23 23:17 – Updated: 2022-08-15 20:07Impact
Elvish's backend for the experimental web UI (started by elvish -web) hosts an endpoint that allows executing the code sent from the web UI.
The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost.
Patches
All Elvish releases since 0.14.0 no longer include the experimental web UI, although it is still possible for the user to build a version from source that includes it.
The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version).
Workarounds
Do not use the experimental web UI.
For more information
If you have any questions or comments about this advisory, please email xiaqqaix@gmail.com.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/elves/elvish"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41088"
],
"database_specific": {
"cwe_ids": [
"CWE-346",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-23T21:06:47Z",
"nvd_published_at": "2021-09-23T20:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nElvish\u0027s backend for the experimental web UI (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI.\n\nThe backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost.\n\n### Patches\n\nAll Elvish releases since 0.14.0 no longer include the experimental web UI, although it is still possible for the user to build a version from source that includes it.\n\nThe issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version).\n\n### Workarounds\n\nDo not use the experimental web UI.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please email xiaqqaix@gmail.com.",
"id": "GHSA-fpv6-f8jw-rc3r",
"modified": "2022-08-15T20:07:49Z",
"published": "2021-09-23T23:17:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41088"
},
{
"type": "WEB",
"url": "https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5"
},
{
"type": "PACKAGE",
"url": "https://github.com/elves/elvish"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Elvish vulnerable to remote code execution via the web UI backend"
}
GHSA-FPV7-MHHR-H93X
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2023-06-29 06:30Microsoft Office Information Disclosure Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-23252"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T17:15:00Z",
"severity": "MODERATE"
},
"details": "Microsoft Office Information Disclosure Vulnerability.",
"id": "GHSA-fpv7-mhhr-h93x",
"modified": "2023-06-29T06:30:17Z",
"published": "2022-02-10T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23252"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23252"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23252"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FQ5M-CP8F-255J
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
{
"affected": [],
"aliases": [
"CVE-2020-26084"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-06T19:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.",
"id": "GHSA-fq5m-cp8f-255j",
"modified": "2022-05-24T17:33:18Z",
"published": "2022-05-24T17:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26084"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FQ7V-XJ92-R9MR
Vulnerability from github – Published: 2022-03-02 00:00 – Updated: 2025-05-30 18:30An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
{
"affected": [],
"aliases": [
"CVE-2022-24446"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-01T02:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.",
"id": "GHSA-fq7v-xj92-r9mr",
"modified": "2025-05-30T18:30:42Z",
"published": "2022-03-02T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24446"
},
{
"type": "WEB",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-24446"
},
{
"type": "WEB",
"url": "https://excellium-services.com/cert-xlm-advisory"
},
{
"type": "WEB",
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2022-24446"
},
{
"type": "WEB",
"url": "https://www.manageengine.com/key-manager"
},
{
"type": "WEB",
"url": "https://www.manageengine.com/key-manager/release-notes.html#6200"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FQ83-F496-R75H
Vulnerability from github – Published: 2022-07-05 00:00 – Updated: 2022-07-13 00:01Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
{
"affected": [],
"aliases": [
"CVE-2022-28713"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-04T07:15:00Z",
"severity": "MODERATE"
},
"details": "Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.",
"id": "GHSA-fq83-f496-r75h",
"modified": "2022-07-13T00:01:53Z",
"published": "2022-07-05T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28713"
},
{
"type": "WEB",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FQ84-CHPX-FM5F
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
{
"affected": [],
"aliases": [
"CVE-2021-20755"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-18T06:15:00Z",
"severity": "MODERATE"
},
"details": "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.",
"id": "GHSA-fq84-chpx-fm5f",
"modified": "2022-07-13T00:01:06Z",
"published": "2022-05-24T19:11:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20755"
},
{
"type": "WEB",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FQCP-358Q-WG2P
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.
{
"affected": [],
"aliases": [
"CVE-2018-15591"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-15T16:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.",
"id": "GHSA-fqcp-358q-wg2p",
"modified": "2022-05-13T01:50:10Z",
"published": "2022-05-13T01:50:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15591"
},
{
"type": "WEB",
"url": "https://community.ivanti.com/docs/DOC-69684"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2018/Oct/8"
},
{
"type": "WEB",
"url": "https://www.securify.nl/en/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/149614/Ivanti-Workspace-Control-Application-PowerGrid-SEE-Whitelist-Bypass.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2018/Oct/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQHM-44XP-628C
Vulnerability from github – Published: 2022-03-19 00:00 – Updated: 2022-03-29 00:01A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.
{
"affected": [],
"aliases": [
"CVE-2022-22583"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
"id": "GHSA-fqhm-44xp-628c",
"modified": "2022-03-29T00:01:35Z",
"published": "2022-03-19T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22583"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213054"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213055"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213056"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FR28-P2JH-93MM
Vulnerability from github – Published: 2023-04-15 21:30 – Updated: 2024-04-04 03:29An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.
{
"affected": [],
"aliases": [
"CVE-2021-30153"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-15T20:16:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn\u0027t because they are hidden.) This is related to ApiVisualEditor.",
"id": "GHSA-fr28-p2jh-93mm",
"modified": "2024-04-04T03:29:16Z",
"published": "2023-04-15T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30153"
},
{
"type": "WEB",
"url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY"
},
{
"type": "WEB",
"url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY"
},
{
"type": "WEB",
"url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T270453"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FRCG-47MH-PJ2G
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2024-03-27 18:32curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
{
"affected": [],
"aliases": [
"CVE-2021-22897"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.",
"id": "GHSA-frcg-47mh-pj2g",
"modified": "2024-03-27T18:32:37Z",
"published": "2022-05-24T19:05:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1172857"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.