CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-JJ4F-P7VV-J4V9
Vulnerability from github – Published: 2021-06-16 17:51 – Updated: 2022-06-06 18:06Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.druid:druid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.20.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-26919"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-31T20:50:36Z",
"nvd_published_at": "2021-03-30T08:15:00Z",
"severity": "HIGH"
},
"details": "Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2",
"id": "GHSA-jj4f-p7vv-j4v9",
"modified": "2022-06-06T18:06:44Z",
"published": "2021-06-16T17:51:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26919"
},
{
"type": "WEB",
"url": "https://github.com/apache/druid/commit/48953e3508967f5156c69676432b5d4dd25ea678"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/druid"
},
{
"type": "WEB",
"url": "https://github.com/apache/druid/releases/tag/druid-0.20.2"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary code execution in Apache Druid"
}
GHSA-JJ68-7H34-V267
Vulnerability from github – Published: 2022-12-26 21:30 – Updated: 2025-04-14 18:31In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
{
"affected": [],
"aliases": [
"CVE-2019-9011"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-26T20:15:00Z",
"severity": "MODERATE"
},
"details": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.",
"id": "GHSA-jj68-7h34-v267",
"modified": "2025-04-14T18:31:42Z",
"published": "2022-12-26T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9011"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2021-061"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JJH6-7R67-W858
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2023-08-08 15:31In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833
{
"affected": [],
"aliases": [
"CVE-2021-39631"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T18:15:00Z",
"severity": "MODERATE"
},
"details": "In clear_data_dlg_text of strings.xml, there is a possible situation when \"Clear storage\" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833",
"id": "GHSA-jjh6-7r67-w858",
"modified": "2023-08-08T15:31:43Z",
"published": "2022-02-12T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39631"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-02-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JJVP-WFP8-RV69
Vulnerability from github – Published: 2023-01-06 21:30 – Updated: 2023-01-12 20:58A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 can address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.anrisoftware.globalpom:globalpomutils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-25068"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-12T20:58:04Z",
"nvd_published_at": "2023-01-06T21:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function `createTmpDir` of the file `globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java`. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 can address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.",
"id": "GHSA-jjvp-wfp8-rv69",
"modified": "2023-01-12T20:58:04Z",
"published": "2023-01-06T21:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25068"
},
{
"type": "WEB",
"url": "https://github.com/devent/globalpom-utils/commit/77a820bac2f68e662ce261ecb050c643bd7ee560"
},
{
"type": "PACKAGE",
"url": "https://github.com/devent/globalpom-utils"
},
{
"type": "WEB",
"url": "https://github.com/devent/globalpom-utils/releases/tag/globalpomutils-4.5.1"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217570"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217570"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "globalpom-utils has Insecure Temporary File"
}
GHSA-JJXQ-FF2G-95VH
Vulnerability from github – Published: 2024-11-06 19:52 – Updated: 2024-11-12 19:43Description
In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy.
They are now checked via the property policy and the __isset() method is now called after the security check.
This is a BC break.
Resolution
The sandbox mode now ensures access to array-like's properties is allowed.
The patch for this issue is available here for the 3.11.x branch, and here for the 3.x branch.
Credits
We would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "twig/twig"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "twig/twig"
},
"ranges": [
{
"events": [
{
"introduced": "3.12"
},
{
"fixed": "3.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-51755"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-06T19:52:55Z",
"nvd_published_at": "2024-11-06T20:15:06Z",
"severity": "LOW"
},
"details": "### Description\n\nIn a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy.\nThey are now checked via the property policy and the `__isset()` method is now called after the security check.\n**This is a BC break.**\n\n### Resolution\n\nThe sandbox mode now ensures access to array-like\u0027s properties is allowed.\n\nThe patch for this issue is available [here](https://github.com/twigphp/Twig/commit/ec39a9dccc5fb4eaaba55e5d79a6f84a8dd8b69d) for the 3.11.x branch, and [here](https://github.com/twigphp/Twig/commit/b957e5a44cc0075d04ccff52f8fa9d8e6db3e3a0) for the 3.x branch.\n\n### Credits\n\nWe would like to thank Jamie Schouten for reporting the issue and Nicolas Grekas for providing the fix.\n",
"id": "GHSA-jjxq-ff2g-95vh",
"modified": "2024-11-12T19:43:00Z",
"published": "2024-11-06T19:52:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51755"
},
{
"type": "WEB",
"url": "https://github.com/twigphp/Twig/commit/831c148e786178e5f2fde9db67266be3bf241c21"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2024-51755.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/twigphp/Twig"
},
{
"type": "WEB",
"url": "https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled"
}
GHSA-JM74-36VR-69GX
Vulnerability from github – Published: 2023-08-21 18:31 – Updated: 2024-04-04 07:04The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.
{
"affected": [],
"aliases": [
"CVE-2023-2916"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-15T09:15:09Z",
"severity": "MODERATE"
},
"details": "The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the \u0027admin_notice\u0027 function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.",
"id": "GHSA-jm74-36vr-69gx",
"modified": "2024-04-04T07:04:54Z",
"published": "2023-08-21T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2916"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/iwp-client/tags/1.11.1/core.class.php#L365"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/2925897/iwp-client#file4"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa157c80-447f-4406-9e49-9cc6208b7b19?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JP2P-37CW-QG8C
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.
{
"affected": [],
"aliases": [
"CVE-2017-5634"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-09T16:59:00Z",
"severity": "HIGH"
},
"details": "The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended \"Please select booking identification\" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog.",
"id": "GHSA-jp2p-37cw-qg8c",
"modified": "2022-05-13T01:46:13Z",
"published": "2022-05-13T01:46:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5634"
},
{
"type": "WEB",
"url": "https://bugemot.com/bug/190"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=2j9gP5Qu2WA"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=WSQW0ipnXQg"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96230"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JPW2-CWXG-4QV8
Vulnerability from github – Published: 2021-11-27 00:00 – Updated: 2022-04-01 00:01In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
{
"affected": [],
"aliases": [
"CVE-2021-44225"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-26T00:15:00Z",
"severity": "MODERATE"
},
"details": "In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property",
"id": "GHSA-jpw2-cwxg-4qv8",
"modified": "2022-04-01T00:01:19Z",
"published": "2021-11-27T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44225"
},
{
"type": "WEB",
"url": "https://github.com/acassen/keepalived/pull/2063"
},
{
"type": "WEB",
"url": "https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JPWR-PHPW-6HPW
Vulnerability from github – Published: 2023-04-18 21:30 – Updated: 2024-04-04 03:32Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files.
{
"affected": [],
"aliases": [
"CVE-2023-22307"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-18T19:15:07Z",
"severity": "MODERATE"
},
"details": "Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files.",
"id": "GHSA-jpwr-phpw-6hpw",
"modified": "2024-04-04T03:32:18Z",
"published": "2023-04-18T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22307"
},
{
"type": "WEB",
"url": "https://checkmk.com/werk/9522"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JQMM-C922-3758
Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2022-05-13 01:39Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
{
"affected": [],
"aliases": [
"CVE-2017-0367"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-13T16:29:00Z",
"severity": "HIGH"
},
"details": "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.",
"id": "GHSA-jqmm-c922-3758",
"modified": "2022-05-13T01:39:56Z",
"published": "2022-05-13T01:39:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0367"
},
{
"type": "WEB",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T161453"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0367"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.