CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-R8WG-4C92-9HWQ
Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-12 00:00Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
{
"affected": [],
"aliases": [
"CVE-2022-30714"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-07T18:15:00Z",
"severity": "LOW"
},
"details": "Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.",
"id": "GHSA-r8wg-4c92-9hwq",
"modified": "2022-06-12T00:00:47Z",
"published": "2022-06-08T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30714"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R9XW-P7WJ-W792
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2023-05-17 21:33The n8n package prior to 0.216.1 for Node.js allows Information Disclosure.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.216.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-27564"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-11T20:46:13Z",
"nvd_published_at": "2023-05-10T15:15:09Z",
"severity": "HIGH"
},
"details": "The n8n package prior to 0.216.1 for Node.js allows Information Disclosure.",
"id": "GHSA-r9xw-p7wj-w792",
"modified": "2023-05-17T21:33:32Z",
"published": "2023-05-10T15:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27564"
},
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/pull/5525"
},
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/commit/27adea70459329fc0dddabee69e10c9d1453835f"
},
{
"type": "PACKAGE",
"url": "https://github.com/n8n-io/n8n"
},
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/releases/tag/n8n%400.216.1"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230622-0007"
},
{
"type": "WEB",
"url": "https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "n8n Information Disclosure vulnerability"
}
GHSA-RC83-8WMP-V9VX
Vulnerability from github – Published: 2023-07-11 18:31 – Updated: 2024-04-04 05:58Insecure temporary file in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-34119"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-426",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T18:15:16Z",
"severity": "HIGH"
},
"details": " Insecure temporary file in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n",
"id": "GHSA-rc83-8wmp-v9vx",
"modified": "2024-04-04T05:58:24Z",
"published": "2023-07-11T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34119"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCHM-QQ78-745R
Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2025-05-05 18:31Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2021-33096"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T23:15:00Z",
"severity": "MODERATE"
},
"details": "Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-rchm-qq78-745r",
"modified": "2025-05-05T18:31:31Z",
"published": "2022-02-11T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33096"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220210-0010"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCVM-RQRR-GF3R
Vulnerability from github – Published: 2022-02-16 00:01 – Updated: 2023-08-08 15:31CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
{
"affected": [],
"aliases": [
"CVE-2022-23317"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-15T13:15:00Z",
"severity": "HIGH"
},
"details": "CobaltStrike \u003c=4.5 HTTP(S) listener does not determine whether the request URL begins with \"/\", and attackers can obtain relevant information by specifying the URL.",
"id": "GHSA-rcvm-rqrr-gf3r",
"modified": "2023-08-08T15:31:43Z",
"published": "2022-02-16T00:01:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23317"
},
{
"type": "WEB",
"url": "https://donghuangt1.com/writings/Stager"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RCW4-4C2J-R7WH
Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2022-07-13 00:01In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel
{
"affected": [],
"aliases": [
"CVE-2021-39648"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel",
"id": "GHSA-rcw4-4c2j-r7wh",
"modified": "2022-07-13T00:01:38Z",
"published": "2021-12-16T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39648"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RFHV-P4Q9-P4HF
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2023-08-08 15:31A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.
{
"affected": [],
"aliases": [
"CVE-2021-38130"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-04T23:15:00Z",
"severity": "MODERATE"
},
"details": "A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.",
"id": "GHSA-rfhv-p4q9-p4hf",
"modified": "2023-08-08T15:31:37Z",
"published": "2022-02-10T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38130"
},
{
"type": "WEB",
"url": "https://portal.microfocus.com/s/article/KM000003667"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RFX6-9FCF-X5RC
Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2023-08-08 15:31Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A
{
"affected": [],
"aliases": [
"CVE-2021-1045"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "HIGH"
},
"details": "Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A",
"id": "GHSA-rfx6-9fcf-x5rc",
"modified": "2023-08-08T15:31:25Z",
"published": "2021-12-16T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1045"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-11-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RG37-CM33-X5HJ
Vulnerability from github – Published: 2023-08-24 09:30 – Updated: 2024-04-04 07:10A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.
{
"affected": [],
"aliases": [
"CVE-2023-4230"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-24T07:15:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.",
"id": "GHSA-rg37-cm33-x5hj",
"modified": "2024-04-04T07:10:26Z",
"published": "2023-08-24T09:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4230"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RG56-4QHP-CJ7H
Vulnerability from github – Published: 2021-12-03 00:00 – Updated: 2022-08-31 00:00Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/* (non-binary).
{
"affected": [],
"aliases": [
"CVE-2021-23263"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-02T16:15:00Z",
"severity": "HIGH"
},
"details": "Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).",
"id": "GHSA-rg56-4qhp-cj7h",
"modified": "2022-08-31T00:00:21Z",
"published": "2021-12-03T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23263"
},
{
"type": "WEB",
"url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.