CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-GC62-J469-9GJM
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2023-08-01 23:31In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-12274"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-01T23:31:39Z",
"nvd_published_at": "2019-06-06T16:29:00Z",
"severity": "HIGH"
},
"details": "In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.",
"id": "GHSA-gc62-j469-9gjm",
"modified": "2023-08-01T23:31:39Z",
"published": "2022-05-24T16:47:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12274"
},
{
"type": "WEB",
"url": "https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Rancher Privilege Escalation Vulnerability"
}
GHSA-GC7P-GG9X-38QQ
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2025-03-31 12:30ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
{
"affected": [],
"aliases": [
"CVE-2020-36252"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-19T07:15:00Z",
"severity": "MODERATE"
},
"details": "ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.",
"id": "GHSA-gc7p-gg9x-38qq",
"modified": "2025-03-31T12:30:44Z",
"published": "2022-05-24T17:42:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36252"
},
{
"type": "WEB",
"url": "https://owncloud.com/security-advisories/access-to-all-file-versions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GC9M-33CP-RMPJ
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2025-10-22 00:32A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
{
"affected": [],
"aliases": [
"CVE-2021-20123"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-13T16:15:00Z",
"severity": "HIGH"
},
"details": "A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.",
"id": "GHSA-gc9m-33cp-rmpj",
"modified": "2025-10-22T00:32:25Z",
"published": "2022-05-24T19:17:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20123"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20123"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2021-42"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GCQ7-GW4P-W9R8
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
{
"affected": [],
"aliases": [
"CVE-2021-20763"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-18T06:15:00Z",
"severity": "MODERATE"
},
"details": "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.",
"id": "GHSA-gcq7-gw4p-w9r8",
"modified": "2022-07-13T00:01:06Z",
"published": "2022-05-24T19:11:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20763"
},
{
"type": "WEB",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GCW2-HF24-M7FV
Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-06-02 00:00An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
{
"affected": [],
"aliases": [
"CVE-2021-26366"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-12T18:16:00Z",
"severity": "HIGH"
},
"details": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.",
"id": "GHSA-gcw2-hf24-m7fv",
"modified": "2022-06-02T00:00:13Z",
"published": "2022-05-13T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26366"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GFCH-5J2V-MQ4F
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-07-13 00:01In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
{
"affected": [],
"aliases": [
"CVE-2021-43196"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-09T15:15:00Z",
"severity": "HIGH"
},
"details": "In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.",
"id": "GHSA-gfch-5j2v-mq4f",
"modified": "2022-07-13T00:01:43Z",
"published": "2022-05-24T19:20:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43196"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GFWJ-FWQJ-FP3V
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2023-07-19 14:39In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.2.14"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.0"
},
{
"fixed": "5.2.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.3.6"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "5.3.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-22118"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-22T18:24:11Z",
"nvd_published_at": "2021-05-27T15:15:00Z",
"severity": "HIGH"
},
"details": "In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.",
"id": "GHSA-gfwj-fwqj-fp3v",
"modified": "2023-07-19T14:39:30Z",
"published": "2022-05-24T19:03:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22118"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/issues/26931"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/0d0d75e25322d8161002d861fff3ec04ba8be5ac"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-framework"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210713-0005"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2021-22118"
},
{
"type": "WEB",
"url": "https://tanzu.vmware.com/security/cve-2021-22118"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Privilege Management in Spring Framework"
}
GHSA-GG48-X253-W5V2
Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2023-08-08 15:31There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2021-39969"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-03T22:15:00Z",
"severity": "HIGH"
},
"details": "There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-gg48-x253-w5v2",
"modified": "2023-08-08T15:31:30Z",
"published": "2022-01-04T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39969"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2021/11"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GGJW-VP86-C3P7
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6490"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-21T04:15:00Z",
"severity": "MODERATE"
},
"details": "Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-ggjw-vp86-c3p7",
"modified": "2022-05-24T17:18:21Z",
"published": "2022-05-24T17:18:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6490"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1035887"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-02"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4714"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GGWQ-RH53-CHPG
Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-06-02 00:00Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
{
"affected": [],
"aliases": [
"CVE-2022-0005"
],
"database_specific": {
"cwe_ids": [
"CWE-319",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-12T17:15:00Z",
"severity": "LOW"
},
"details": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.",
"id": "GHSA-ggwq-rh53-chpg",
"modified": "2022-06-02T00:00:35Z",
"published": "2022-05-13T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0005"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.