CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-HHPM-74PM-HF35
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2023-08-22 14:35The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/ingress-nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8553"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-13T21:00:22Z",
"nvd_published_at": "2020-07-29T15:15:00Z",
"severity": "MODERATE"
},
"details": "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.",
"id": "GHSA-hhpm-74pm-hf35",
"modified": "2023-08-22T14:35:45Z",
"published": "2022-05-24T17:24:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8553"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/ingress-nginx/issues/5126"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubernetes/ingress-nginx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "ingress-nginx component for Kubernetes allows file overwrite"
}
GHSA-JH8V-CW9F-FRWP
Vulnerability from github – Published: 2025-08-27 00:31 – Updated: 2025-08-27 15:33In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-0082"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T23:15:32Z",
"severity": "MODERATE"
},
"details": "In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-jh8v-cw9f-frwp",
"modified": "2025-08-27T15:33:14Z",
"published": "2025-08-27T00:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0082"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/7ba8c8f63f1b13b127c871749314a242ff022ae2"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/685c2fc2f6b40bb2113db77da270c7b7220791c4"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHM9-H84H-RW83
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2023-04-21 21:07A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "phpbb/phpbb"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"fixed": "3.2.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "phpbb/phpbb"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8226"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-21T21:07:53Z",
"nvd_published_at": "2020-08-17T16:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability exists in phpBB \u003cv3.2.10 and \u003cv3.3.1 which allowed remote image dimensions check to be used to SSRF.",
"id": "GHSA-jhm9-h84h-rw83",
"modified": "2023-04-21T21:07:53Z",
"published": "2022-05-24T17:26:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8226"
},
{
"type": "WEB",
"url": "https://github.com/phpbb/phpbb-app/commit/0cfaaafb386d58576d200d56f1acdbcc2f2376e8"
},
{
"type": "WEB",
"url": "https://github.com/phpbb/phpbb-app/commit/efc0a146bf12125eeb71d00470af774326a7bf0a"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpbb/phpbb/CVE-2020-8226.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/phpbb/phpbb-app"
},
{
"type": "WEB",
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562631"
},
{
"type": "WEB",
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562636"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "phpBB Server-Side Request Forgery Vulnerability"
}
GHSA-JJ65-79WR-35V9
Vulnerability from github – Published: 2024-09-12 15:33 – Updated: 2024-10-02 15:30CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
{
"affected": [],
"aliases": [
"CVE-2024-45826"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T15:18:24Z",
"severity": "HIGH"
},
"details": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file.",
"id": "GHSA-jj65-79wr-35v9",
"modified": "2024-10-02T15:30:36Z",
"published": "2024-09-12T15:33:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45826"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JJRP-2758-J9W4
Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48598"
],
"database_specific": {
"cwe_ids": [
"CWE-441",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T17:16:16Z",
"severity": "MODERATE"
},
"details": "In multiple locations, there is a possible way to alter the primary user\u0027s face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-jjrp-2758-j9w4",
"modified": "2025-12-08T21:30:21Z",
"published": "2025-12-08T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48598"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/83447688f8e3e8f009f1e7d275a14ea00ee7953a"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JRXX-XQJX-M3G3
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161
{
"affected": [],
"aliases": [
"CVE-2021-0708"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-22T14:15:00Z",
"severity": "HIGH"
},
"details": "In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161",
"id": "GHSA-jrxx-xqjx-m3g3",
"modified": "2022-05-24T19:18:37Z",
"published": "2022-05-24T19:18:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0708"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-10-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JV6V-FVVX-4932
Vulnerability from github – Published: 2020-06-03 21:58 – Updated: 2021-03-04 18:28Impact
An attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manage_assets permission.
Patches
Issue has been patched in Build 466 (v1.0.466).
Workarounds
Apply https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc to your installation manually if unable to upgrade to Build 466.
References
Reported by Sivanesh Ashok
For more information
If you have any questions or comments about this advisory: * Email us at hello@octobercms.com
Threat assessment:

{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "october/cms"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.319"
},
{
"fixed": "1.0.466"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5296"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-03T21:26:30Z",
"nvd_published_at": "2020-06-03T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission.\n\n### Patches\nIssue has been patched in Build 466 (v1.0.466).\n\n### Workarounds\nApply https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc to your installation manually if unable to upgrade to Build 466.\n\n### References\nReported by [Sivanesh Ashok](https://stazot.com/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)\n\n### Threat assessment:\n\u003cimg width=\"1241\" alt=\"Screen Shot 2020-03-31 at 12 16 53 PM\" src=\"https://user-images.githubusercontent.com/7253840/78060872-89354d00-7349-11ea-8c2b-5881b0a50736.png\"\u003e",
"id": "GHSA-jv6v-fvvx-4932",
"modified": "2021-03-04T18:28:29Z",
"published": "2020-06-03T21:58:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-jv6v-fvvx-4932"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5296"
},
{
"type": "WEB",
"url": "https://github.com/octobercms/october/commit/2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary File Deletion vulnerability in OctoberCMS"
}
GHSA-JVW8-2M5M-9449
Vulnerability from github – Published: 2026-05-08 00:31 – Updated: 2026-05-08 00:31Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
{
"affected": [],
"aliases": [
"CVE-2026-34327"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T22:16:34Z",
"severity": "HIGH"
},
"details": "Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.",
"id": "GHSA-jvw8-2m5m-9449",
"modified": "2026-05-08T00:31:33Z",
"published": "2026-05-08T00:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34327"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34327"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JXCR-W9Q6-GMHX
Vulnerability from github – Published: 2026-06-30 15:30 – Updated: 2026-07-02 18:36Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
{
"affected": [],
"aliases": [
"CVE-2026-10816"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T13:17:04Z",
"severity": "HIGH"
},
"details": "Arbitrary File Read (Unauthenticated) in\u00a0NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled",
"id": "GHSA-jxcr-w9q6-gmhx",
"modified": "2026-07-02T18:36:17Z",
"published": "2026-06-30T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10816"
},
{
"type": "WEB",
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M42Q-F292-M7WQ
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2021-12-21 00:01In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857506
{
"affected": [],
"aliases": [
"CVE-2021-1003"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "HIGH"
},
"details": "In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857506",
"id": "GHSA-m42q-f292-m7wq",
"modified": "2021-12-21T00:01:20Z",
"published": "2021-12-16T00:01:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1003"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.