Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1252 vulnerabilities reference this CWE, most recent first.

GHSA-GC62-J469-9GJM

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2023-08-01 23:31
VLAI
Summary
Rancher Privilege Escalation Vulnerability
Details

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-12274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-01T23:31:39Z",
    "nvd_published_at": "2019-06-06T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.",
  "id": "GHSA-gc62-j469-9gjm",
  "modified": "2023-08-01T23:31:39Z",
  "published": "2022-05-24T16:47:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12274"
    },
    {
      "type": "WEB",
      "url": "https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rancher Privilege Escalation Vulnerability"
}

GHSA-GC7P-GG9X-38QQ

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2025-03-31 12:30
VLAI
Details

ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-19T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.",
  "id": "GHSA-gc7p-gg9x-38qq",
  "modified": "2025-03-31T12:30:44Z",
  "published": "2022-05-24T17:42:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36252"
    },
    {
      "type": "WEB",
      "url": "https://owncloud.com/security-advisories/access-to-all-file-versions"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GC9M-33CP-RMPJ

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2025-10-22 00:32
VLAI
Details

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20123"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-13T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.",
  "id": "GHSA-gc9m-33cp-rmpj",
  "modified": "2025-10-22T00:32:25Z",
  "published": "2022-05-24T19:17:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20123"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20123"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2021-42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCQ7-GW4P-W9R8

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01
VLAI
Details

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20763"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-18T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.",
  "id": "GHSA-gcq7-gw4p-w9r8",
  "modified": "2022-07-13T00:01:06Z",
  "published": "2022-05-24T19:11:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20763"
    },
    {
      "type": "WEB",
      "url": "https://cs.cybozu.co.jp/2021/007206.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN54794245/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCW2-HF24-M7FV

Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-06-02 00:00
VLAI
Details

An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T18:16:00Z",
    "severity": "HIGH"
  },
  "details": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.",
  "id": "GHSA-gcw2-hf24-m7fv",
  "modified": "2022-06-02T00:00:13Z",
  "published": "2022-05-13T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26366"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFCH-5J2V-MQ4F

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-07-13 00:01
VLAI
Details

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-09T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.",
  "id": "GHSA-gfch-5j2v-mq4f",
  "modified": "2022-07-13T00:01:43Z",
  "published": "2022-05-24T19:20:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43196"
    },
    {
      "type": "WEB",
      "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFWJ-FWQJ-FP3V

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2023-07-19 14:39
VLAI
Summary
Improper Privilege Management in Spring Framework
Details

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.2.14"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.0"
            },
            {
              "fixed": "5.2.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.3.6"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.3.0"
            },
            {
              "fixed": "5.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-22118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-22T18:24:11Z",
    "nvd_published_at": "2021-05-27T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.",
  "id": "GHSA-gfwj-fwqj-fp3v",
  "modified": "2023-07-19T14:39:30Z",
  "published": "2022-05-24T19:03:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22118"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/issues/26931"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/0d0d75e25322d8161002d861fff3ec04ba8be5ac"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-framework"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210713-0005"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2021-22118"
    },
    {
      "type": "WEB",
      "url": "https://tanzu.vmware.com/security/cve-2021-22118"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Privilege Management in Spring Framework"
}

GHSA-GG48-X253-W5V2

Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-03T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-gg48-x253-w5v2",
  "modified": "2023-08-08T15:31:30Z",
  "published": "2022-01-04T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39969"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/11"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GGJW-VP86-C3P7

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.",
  "id": "GHSA-ggjw-vp86-c3p7",
  "modified": "2022-05-24T17:18:21Z",
  "published": "2022-05-24T17:18:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6490"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1035887"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202006-02"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-30"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4714"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GGWQ-RH53-CHPG

Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-06-02 00:00
VLAI
Details

Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T17:15:00Z",
    "severity": "LOW"
  },
  "details": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.",
  "id": "GHSA-ggwq-rh53-chpg",
  "modified": "2022-06-02T00:00:35Z",
  "published": "2022-05-13T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.