Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1252 vulnerabilities reference this CWE, most recent first.

GHSA-FPV6-F8JW-RC3R

Vulnerability from github – Published: 2021-09-23 23:17 – Updated: 2022-08-15 20:07
VLAI
Summary
Elvish vulnerable to remote code execution via the web UI backend
Details

Impact

Elvish's backend for the experimental web UI (started by elvish -web) hosts an endpoint that allows executing the code sent from the web UI.

The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost.

Patches

All Elvish releases since 0.14.0 no longer include the experimental web UI, although it is still possible for the user to build a version from source that includes it.

The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version).

Workarounds

Do not use the experimental web UI.

For more information

If you have any questions or comments about this advisory, please email xiaqqaix@gmail.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/elves/elvish"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-23T21:06:47Z",
    "nvd_published_at": "2021-09-23T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nElvish\u0027s backend for the experimental web UI (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI.\n\nThe backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost.\n\n### Patches\n\nAll Elvish releases since 0.14.0 no longer include the experimental web UI, although it is still possible for the user to build a version from source that includes it.\n\nThe issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version).\n\n### Workarounds\n\nDo not use the experimental web UI.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please email xiaqqaix@gmail.com.",
  "id": "GHSA-fpv6-f8jw-rc3r",
  "modified": "2022-08-15T20:07:49Z",
  "published": "2021-09-23T23:17:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41088"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elves/elvish"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Elvish vulnerable to remote code execution via the web UI backend"
}

GHSA-FPV7-MHHR-H93X

Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2023-06-29 06:30
VLAI
Details

Microsoft Office Information Disclosure Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Office Information Disclosure Vulnerability.",
  "id": "GHSA-fpv7-mhhr-h93x",
  "modified": "2023-06-29T06:30:17Z",
  "published": "2022-02-10T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23252"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23252"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23252"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQ5M-CP8F-255J

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33
VLAI
Details

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-06T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.",
  "id": "GHSA-fq5m-cp8f-255j",
  "modified": "2022-05-24T17:33:18Z",
  "published": "2022-05-24T17:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26084"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FQ7V-XJ92-R9MR

Vulnerability from github – Published: 2022-03-02 00:00 – Updated: 2025-05-30 18:30
VLAI
Details

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-01T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.",
  "id": "GHSA-fq7v-xj92-r9mr",
  "modified": "2025-05-30T18:30:42Z",
  "published": "2022-03-02T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24446"
    },
    {
      "type": "WEB",
      "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-24446"
    },
    {
      "type": "WEB",
      "url": "https://excellium-services.com/cert-xlm-advisory"
    },
    {
      "type": "WEB",
      "url": "https://excellium-services.com/cert-xlm-advisory/cve-2022-24446"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/key-manager"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/key-manager/release-notes.html#6200"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQ83-F496-R75H

Vulnerability from github – Published: 2022-07-05 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-04T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.",
  "id": "GHSA-fq83-f496-r75h",
  "modified": "2022-07-13T00:01:53Z",
  "published": "2022-07-05T00:00:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28713"
    },
    {
      "type": "WEB",
      "url": "https://cs.cybozu.co.jp/2022/007429.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN73897863/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQ84-CHPX-FM5F

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01
VLAI
Details

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-18T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.",
  "id": "GHSA-fq84-chpx-fm5f",
  "modified": "2022-07-13T00:01:06Z",
  "published": "2022-05-24T19:11:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20755"
    },
    {
      "type": "WEB",
      "url": "https://cs.cybozu.co.jp/2021/007206.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN54794245/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQCP-358Q-WG2P

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-15T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.",
  "id": "GHSA-fqcp-358q-wg2p",
  "modified": "2022-05-13T01:50:10Z",
  "published": "2022-05-13T01:50:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15591"
    },
    {
      "type": "WEB",
      "url": "https://community.ivanti.com/docs/DOC-69684"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2018/Oct/8"
    },
    {
      "type": "WEB",
      "url": "https://www.securify.nl/en/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/149614/Ivanti-Workspace-Control-Application-PowerGrid-SEE-Whitelist-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Oct/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQHM-44XP-628C

Vulnerability from github – Published: 2022-03-19 00:00 – Updated: 2022-03-29 00:01
VLAI
Details

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-18T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
  "id": "GHSA-fqhm-44xp-628c",
  "modified": "2022-03-29T00:01:35Z",
  "published": "2022-03-19T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22583"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213054"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213055"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213056"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FR28-P2JH-93MM

Vulnerability from github – Published: 2023-04-15 21:30 – Updated: 2024-04-04 03:29
VLAI
Details

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-15T20:16:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn\u0027t because they are hidden.) This is related to ApiVisualEditor.",
  "id": "GHSA-fr28-p2jh-93mm",
  "modified": "2024-04-04T03:29:16Z",
  "published": "2023-04-15T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30153"
    },
    {
      "type": "WEB",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY"
    },
    {
      "type": "WEB",
      "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY"
    },
    {
      "type": "WEB",
      "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T270453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FRCG-47MH-PJ2G

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2024-03-27 18:32
VLAI
Details

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.",
  "id": "GHSA-frcg-47mh-pj2g",
  "modified": "2024-03-27T18:32:37Z",
  "published": "2022-05-24T19:05:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
    },
    {
      "type": "WEB",
      "url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1172857"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2021-22897.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210727-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.