CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-QPVG-XQX2-4327
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-24 00:00A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
{
"affected": [],
"aliases": [
"CVE-2022-31847"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T14:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.",
"id": "GHSA-qpvg-xqx2-4327",
"modified": "2022-06-24T00:00:32Z",
"published": "2022-06-15T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31847"
},
{
"type": "WEB",
"url": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN579%20X3__Sensitive%20information%20leakage.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QPWJ-FCQ8-GVWH
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.
{
"affected": [],
"aliases": [
"CVE-2018-6880"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-12T03:29:00Z",
"severity": "MODERATE"
},
"details": "EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.",
"id": "GHSA-qpwj-fcq8-gvwh",
"modified": "2022-05-13T01:03:34Z",
"published": "2022-05-13T01:03:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6880"
},
{
"type": "WEB",
"url": "https://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.md"
},
{
"type": "WEB",
"url": "https://kongxin.gitbook.io/empirecms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQ2W-VPGQ-JP7X
Vulnerability from github – Published: 2022-02-26 00:00 – Updated: 2023-08-08 15:31In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
{
"affected": [],
"aliases": [
"CVE-2022-24336"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-25T15:15:00Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.",
"id": "GHSA-qq2w-vpgq-jp7x",
"modified": "2023-08-08T15:31:44Z",
"published": "2022-02-26T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24336"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQ5J-V6JH-6XGC
Vulnerability from github – Published: 2022-09-09 00:00 – Updated: 2022-09-15 00:00Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL.
{
"affected": [],
"aliases": [
"CVE-2022-38400"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-08T08:15:00Z",
"severity": "MODERATE"
},
"details": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL.",
"id": "GHSA-qq5j-v6jh-6xgc",
"modified": "2022-09-15T00:00:20Z",
"published": "2022-09-09T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38400"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN34205166/index.html"
},
{
"type": "WEB",
"url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
},
{
"type": "WEB",
"url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
},
{
"type": "WEB",
"url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQQ7-4HXC-X63C
Vulnerability from github – Published: 2026-04-09 17:32 – Updated: 2026-05-06 20:04Impact
Shared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration.
A crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media.
OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<=2026.4.4 - Patched versions:
2026.4.8
Fix
The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.
Verification
The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.
Credits
Thanks @threalwinky for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42424"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-09T17:32:58Z",
"nvd_published_at": "2026-04-28T19:37:46Z",
"severity": "MODERATE"
},
"details": "## Impact\n\nShared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration.\n\nA crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c=2026.4.4`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @threalwinky for reporting.",
"id": "GHSA-qqq7-4hxc-x63c",
"modified": "2026-05-06T20:04:11Z",
"published": "2026-04-09T17:32:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42424"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-local-file-exfiltration-via-shared-reply-media-paths"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration"
}
GHSA-QRCX-R22R-R6XM
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
{
"affected": [],
"aliases": [
"CVE-2020-9291"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-01T19:15:00Z",
"severity": "MODERATE"
},
"details": "An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.",
"id": "GHSA-qrcx-r22r-r6xm",
"modified": "2022-05-24T17:18:56Z",
"published": "2022-05-24T17:18:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9291"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-20-040"
},
{
"type": "WEB",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-040"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QRG9-F472-QWFM
Vulnerability from github – Published: 2021-06-28 16:55 – Updated: 2021-06-24 19:46Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.
- https://vaadin.com/security/cve-2021-31412
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.18"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 14.0.0"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "14.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 19.0.8"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "15.0.0"
},
{
"fixed": "19.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-31412"
],
"database_specific": {
"cwe_ids": [
"CWE-1295",
"CWE-20",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-24T19:46:19Z",
"nvd_published_at": "2021-06-24T12:15:00Z",
"severity": "MODERATE"
},
"details": "Improper sanitization of path in default `RouteNotFoundError` view in `com.vaadin:flow-server` versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for `NotFoundException` is provided.\n\n- https://vaadin.com/security/cve-2021-31412",
"id": "GHSA-qrg9-f472-qwfm",
"modified": "2021-06-24T19:46:19Z",
"published": "2021-06-28T16:55:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vaadin/platform/security/advisories/GHSA-qrg9-f472-qwfm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31412"
},
{
"type": "WEB",
"url": "https://github.com/vaadin/flow/pull/11107"
},
{
"type": "WEB",
"url": "https://vaadin.com/security/cve-2021-31412"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19"
}
GHSA-QRGF-2V3C-GV8M
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:01In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134
{
"affected": [],
"aliases": [
"CVE-2021-0994"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "LOW"
},
"details": "In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134",
"id": "GHSA-qrgf-2v3c-gv8m",
"modified": "2022-07-13T00:01:00Z",
"published": "2021-12-16T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0994"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QV29-RJWJ-JJRM
Vulnerability from github – Published: 2023-01-01 06:30 – Updated: 2023-01-09 15:30lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
{
"affected": [],
"aliases": [
"CVE-2022-47952"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-01T06:15:00Z",
"severity": "LOW"
},
"details": "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.",
"id": "GHSA-qv29-rjwj-jjrm",
"modified": "2023-01-09T15:30:23Z",
"published": "2023-01-01T06:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47952"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
},
{
"type": "WEB",
"url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
},
{
"type": "WEB",
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
},
{
"type": "WEB",
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QV68-C8R2-QJC7
Vulnerability from github – Published: 2022-10-12 12:00 – Updated: 2025-01-03 00:31Windows Mixed Reality Developer Tools Information Disclosure Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-37974"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-11T19:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Mixed Reality Developer Tools Information Disclosure Vulnerability.",
"id": "GHSA-qv68-c8r2-qjc7",
"modified": "2025-01-03T00:31:05Z",
"published": "2022-10-12T12:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37974"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37974"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37974"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.