Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-M67Q-JHV3-98CV

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-07-13 00:01
VLAI
Details

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.",
  "id": "GHSA-m67q-jhv3-98cv",
  "modified": "2022-07-13T00:01:01Z",
  "published": "2022-05-24T19:13:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1822"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212317"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212323"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212324"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M68V-XWF5-G5MH

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2023-08-08 15:31
VLAI
Details

In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339",
  "id": "GHSA-m68v-xwf5-g5mh",
  "modified": "2023-08-08T15:31:25Z",
  "published": "2021-12-16T00:01:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0986"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6M9-JXQ4-5486

Vulnerability from github – Published: 2023-03-14 18:30 – Updated: 2023-03-14 18:30
VLAI
Details

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-14T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability",
  "id": "GHSA-m6m9-jxq4-5486",
  "modified": "2023-03-14T18:30:20Z",
  "published": "2023-03-14T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24870"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24870"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7PF-2QJX-4MQR

Vulnerability from github – Published: 2022-04-20 00:00 – Updated: 2022-04-28 00:00
VLAI
Details

An Access Control vulnerability exists in Desire2Learn/D2L Learning Management System (LMS) 20.21.7 via the quizzing feature, which allows a remote malicious user to disable the Disable right click control.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-19T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Access Control vulnerability exists in Desire2Learn/D2L Learning Management System (LMS) 20.21.7 via the quizzing feature, which allows a remote malicious user to disable the Disable right click control.",
  "id": "GHSA-m7pf-2qjx-4mqr",
  "modified": "2022-04-28T00:00:43Z",
  "published": "2022-04-20T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43129"
    },
    {
      "type": "WEB",
      "url": "https://community.brightspace.com/s/article/retirement-notice-disable-right-click"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Skotizo/CVE-2021-43129"
    },
    {
      "type": "WEB",
      "url": "https://www.d2l.com/learning-management-system-lms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M7V2-7GXM-VC2V

Vulnerability from github – Published: 2026-05-27 21:13 – Updated: 2026-05-27 21:13
VLAI
Summary
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
Details

Description

Symfony\Bridge\Monolog\Command\ServerLogCommand (the server:log console command) is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP object-deserialization sink:

  1. The listener binds to 0.0.0.0:9911 by default; it accepts connections on every interface, not only loopback.
  2. Each received frame is processed as unserialize(base64_decode($message)) without an allowed_classes allowlist, without authentication, and without any integrity check. The decoded value is then passed to displayLog(..., array $record) which assumes (without validating) that the result is an array.

Any host that can reach TCP port 9911 on a machine running server:log can therefore submit attacker-chosen serialized PHP payloads. The minimum impact is an unauthenticated denial of service (sending a non-array, e.g. serialize(new stdClass()), crashes the listener with a type error). Object injection with magic-method side effects (__wakeup() / __destruct() / etc.) is reachable before the array type-check fires; full remote code execution is environment-dependent and contingent on usable gadget chains in the autoload set of the target process.

Resolution

The server:log command no longer binds to all interfaces by default: the default --host is now 127.0.0.1:9911, requiring explicit opt-in to accept off-host traffic. Message decoding is gated by an unserialize() allowlist restricted to the Symfony\Component\VarDumper\Caster\* and Symfony\Component\VarDumper\Cloner\* classes that legitimately appear inside dumped log records; any other class is rejected and the record discarded.

The patch for this issue is available here for branch 5.4.

Credits

Symfony would like to thank Toàn Thắng and Sam Sanoop for reporting the issue and Nicolas Grekas for fixing it.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/monolog-bridge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.4.52"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.4.52"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/monolog-bridge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.4.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/monolog-bridge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/monolog-bridge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.4.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-27T21:13:29Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Description\n\n`Symfony\\Bridge\\Monolog\\Command\\ServerLogCommand` (the `server:log` console command) is a development-time helper that opens a TCP listener and displays log records pushed to it by the application\u0027s logging pipeline. Two unsafe defaults combine into a remotely reachable PHP object-deserialization sink:\n\n1. The listener binds to `0.0.0.0:9911` by default; it accepts connections on every interface, not only loopback.\n2. Each received frame is processed as `unserialize(base64_decode($message))` without an `allowed_classes` allowlist, without authentication, and without any integrity check. The decoded value is then passed to `displayLog(..., array $record)` which assumes (without validating) that the result is an array.\n\nAny host that can reach TCP port 9911 on a machine running `server:log` can therefore submit attacker-chosen serialized PHP payloads. The minimum impact is an unauthenticated denial of service (sending a non-array, e.g. `serialize(new stdClass())`, crashes the listener with a type error). Object injection with magic-method side effects (`__wakeup()` / `__destruct()` / etc.) is reachable before the array type-check fires; full remote code execution is environment-dependent and contingent on usable gadget chains in the autoload set of the target process.\n\n### Resolution\n\nThe `server:log` command no longer binds to all interfaces by default: the default `--host` is now `127.0.0.1:9911`, requiring explicit opt-in to accept off-host traffic. Message decoding is gated by an `unserialize()` allowlist restricted to the `Symfony\\Component\\VarDumper\\Caster\\*` and `Symfony\\Component\\VarDumper\\Cloner\\*` classes that legitimately appear inside dumped log records; any other class is rejected and the record discarded.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/0891b2f293896c488e26943dc034334364b77fc4) for branch 5.4.\n\n### Credits\n\nSymfony would like to thank To\u00e0n Th\u1eafng and Sam Sanoop for reporting the issue and Nicolas Grekas for fixing it.",
  "id": "GHSA-m7v2-7gxm-vc2v",
  "modified": "2026-05-27T21:13:29Z",
  "published": "2026-05-27T21:13:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-m7v2-7gxm-vc2v"
    },
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/commit/0891b2f293896c488e26943dc034334364b77fc4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/monolog-bridge/CVE-2026-45077.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45077.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/symfony/symfony"
    },
    {
      "type": "WEB",
      "url": "https://symfony.com/cve-2026-45077"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener"
}

GHSA-M879-9XPQ-PPWC

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-07-13 00:01
VLAI
Details

Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Control.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-29T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Control.",
  "id": "GHSA-m879-9xpq-ppwc",
  "modified": "2022-07-13T00:01:27Z",
  "published": "2022-05-24T19:06:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34824"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/releases"
    },
    {
      "type": "WEB",
      "url": "https://istio.io/latest/news/security/istio-security-2021-007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8J6-RG22-WW2F

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-07-13 00:01
VLAI
Details

An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-08T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members\u0027 on-call rotations in other projects",
  "id": "GHSA-m8j6-rg22-ww2f",
  "modified": "2022-07-13T00:01:09Z",
  "published": "2022-05-24T19:04:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22215"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22215.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/328668"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8WF-FQCM-6693

Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:30
VLAI
Details

Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-02T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Under certain circumstances, a ServiceWorker\u0027s offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox \u003c 111.",
  "id": "GHSA-m8wf-fqcm-6693",
  "modified": "2024-04-04T04:30:22Z",
  "published": "2023-06-02T18:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25750"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1814733"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M93Q-8WXV-XGC5

Vulnerability from github – Published: 2022-02-25 00:01 – Updated: 2023-08-08 15:31
VLAI
Details

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25643"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-24T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.",
  "id": "GHSA-m93q-8wxv-xgc5",
  "modified": "2023-08-08T15:31:44Z",
  "published": "2022-02-25T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25643"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c53925a4416"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187394335"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kennylevinsen/seatd/tags"
    },
    {
      "type": "WEB",
      "url": "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M95M-2XC3-P525

Vulnerability from github – Published: 2021-12-01 00:00 – Updated: 2022-08-10 00:00
VLAI
Details

Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-30T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH\u00e2\u20ac\u2122s TopEase\u00c2\u00ae Platform Version \u003c= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means.",
  "id": "GHSA-m95m-2xc3-p525",
  "modified": "2022-08-10T00:00:23Z",
  "published": "2021-12-01T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42116"
    },
    {
      "type": "WEB",
      "url": "https://confluence.topease.ch/confluence/display/DOC/Release+Notes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.