Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-353R-FQP4-G8F7

Vulnerability from github – Published: 2023-09-22 06:30 – Updated: 2024-04-04 07:48
VLAI
Details

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-22T06:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence.",
  "id": "GHSA-353r-fqp4-g8f7",
  "modified": "2024-04-04T07:48:16Z",
  "published": "2023-09-22T06:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43782"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1213983"
    },
    {
      "type": "WEB",
      "url": "https://github.com/falkTX/Cadence"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/05/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-376Q-348X-JWW4

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:29
VLAI
Details

cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-01T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).",
  "id": "GHSA-376q-348x-jww4",
  "modified": "2024-04-04T01:29:32Z",
  "published": "2022-05-24T16:52:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20947"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-37F3-8H34-H4XF

Vulnerability from github – Published: 2023-11-01 18:30 – Updated: 2023-11-01 18:30
VLAI
Details

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-01T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).",
  "id": "GHSA-37f3-8h34-h4xf",
  "modified": "2023-11-01T18:30:33Z",
  "published": "2023-11-01T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3972"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RedHatInsights/insights-core/pull/3878"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6264"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6282"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6283"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6284"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6795"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6796"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6798"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6811"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3972"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-385F-VGQ7-8HHX

Vulnerability from github – Published: 2022-10-01 00:00 – Updated: 2024-04-23 23:43
VLAI
Summary
Moodle No groups filtering in H5P activity attempts report
Details

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.9"
            },
            {
              "fixed": "3.9.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.11"
            },
            {
              "fixed": "3.11.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0"
            },
            {
              "fixed": "4.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-40316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:43:22Z",
    "nvd_published_at": "2022-09-30T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.",
  "id": "GHSA-385f-vgq7-8hhx",
  "modified": "2024-04-23T23:43:22Z",
  "published": "2022-10-01T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40316"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128151"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=438395"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle No groups filtering in H5P activity attempts report"
}

GHSA-385W-HJPP-R4CX

Vulnerability from github – Published: 2023-06-13 21:30 – Updated: 2024-04-04 04:47
VLAI
Details

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T19:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10  may allow an authenticated user to potentially enable information disclosure via network access. ",
  "id": "GHSA-385w-hjpp-r4cx",
  "modified": "2024-04-04T04:47:52Z",
  "published": "2023-06-13T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34114"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-38MR-J9VC-WXC8

Vulnerability from github – Published: 2021-11-21 00:00 – Updated: 2024-02-27 23:36
VLAI
Details

Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-20T02:15:00Z",
    "severity": "LOW"
  },
  "details": "Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.",
  "id": "GHSA-38mr-j9vc-wxc8",
  "modified": "2024-02-27T23:36:29Z",
  "published": "2021-11-21T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36319"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000193076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-38MV-W2Q2-HPQQ

Vulnerability from github – Published: 2022-07-26 00:00 – Updated: 2022-08-02 00:00
VLAI
Details

IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-25T18:23:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.",
  "id": "GHSA-38mv-w2q2-hpqq",
  "modified": "2022-08-02T00:00:33Z",
  "published": "2022-07-26T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35288"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230818"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6606831"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-398H-7F66-3H4P

Vulnerability from github – Published: 2026-07-15 22:44 – Updated: 2026-07-15 22:44
VLAI
Summary
open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clusters
Details

Summary

A namespaced FeatureFlagSource or InProcessConfiguration resource can be referenced cross-namespace via the openfeature.dev/featureflagsource annotation using the documented {NAMESPACE}/{NAME} syntax. The operator resolves the referenced resource cluster-wide and materializes its contents (env vars, flagd sidecar arguments including httpSyncBearerToken, sync URIs, supporting ConfigMaps) into the referencing workload.

On multi-tenant clusters that treat namespaces as trust boundaries, a tenant who can deploy a controller-owned workload in their own namespace can cause the operator to read another tenant's FeatureFlagSource / InProcessConfiguration spec contents.

Impact

  • Single-tenant clusters: not impacted.
  • Multi-tenant clusters using namespaces as trust boundaries: tenant-to-tenant disclosure of any data placed inline in FeatureFlagSource / InProcessConfiguration spec, including spec.envVars literal values, spec.httpSyncBearerToken, and sync URIs.

Behavior is documented

The cross-namespace {NAMESPACE}/{NAME} annotation syntax is intentional and documented in docs/annotations.md and docs/feature_flag_source.md. The operator's cluster-wide RBAC scope is intentional. Namespace-as-trust-boundary is not part of the operator's current stated security model.

This advisory makes the tenancy assumption explicit and tracks the architectural change that will eliminate the implicit cross-namespace pattern.

Corrections to the original report

Two technical points in the original report require correction:

  1. secretKeyRef / configMapKeyRef cross-namespace disclosure is not possible via this path. Kubelet resolves these as LocalObjectReference against the pod's own namespace; the operator does not bypass that. The actual disclosure surface is FeatureFlagSource / InProcessConfiguration spec contents the operator itself materializes (inline envVars values, httpSyncBearerToken, sync URIs).
  2. create featureflagsources is not a prerequisite. The webhook rejects pods without OwnerReferences (pod_webhook.go:75-77), so the prerequisite is create on a workload controller (deployments, statefulsets, daemonsets, jobs, cronjobs, replicasets) in a namespace the attacker controls. FeatureFlagSource create in any namespace is not required.

Mitigations

As with any Kubernetes CRD, treat the spec content of FeatureFlagSource and InProcessConfiguration as readable by anyone with read access to the resource, and don't place plaintext secrets in CR spec fields. Fields most likely to bite users:

  • spec.sources[].source, when the URI embeds credentials (e.g. https://user:pass@host/repo)
  • spec.sources[].certPath, if the path itself is sensitive
  • inline spec.envVars[].value (use valueFrom.secretKeyRef instead; kubelet enforces same-namespace resolution and the secret value is not stored in the CR)

If developers treat namespaces as trust boundaries:

  • restrict create on featureflagsources / inprocessconfigurations via RBAC where feasible,

Roadmap

A future release will introduce explicit cluster-scoped CRDs (ClusterFeatureFlagSource, ClusterInProcessConfiguration) and remove implicit cross-namespace resolution. This is a breaking change tracked in #847.

Precedent

This class of issue (authenticated namespace tenant abuses an unenforced cluster-wide surface that crosses an assumed namespace boundary) has Kubernetes precedent: CVE-2020-8554 (External IPs) was accepted as documented posture and mitigated via an opt-in admission plugin.

Credit

Reported by @0xVijay. Thanks for the disclosure. This appears to be an example of https://cwe.mitre.org/data/definitions/668.html. In terms of how it ended up here, it's more of an unimplemented security feature than an "bug". It seems to deviate from reasonable expectations and conventions in the K8s ecosystem. See https://nvd.nist.gov/vuln/detail/cve-2020-8554 as an example of a comparable vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/open-feature/open-feature-operator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-15T22:44:48Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nA namespaced `FeatureFlagSource` or `InProcessConfiguration` resource can be referenced cross-namespace via the `openfeature.dev/featureflagsource` annotation using the documented `{NAMESPACE}/{NAME}` syntax. The operator resolves the referenced resource cluster-wide and materializes its contents (env vars, flagd sidecar arguments including `httpSyncBearerToken`, sync URIs, supporting ConfigMaps) into the referencing workload.\n\nOn multi-tenant clusters that treat namespaces as trust boundaries, a tenant who can deploy a controller-owned workload in their own namespace can cause the operator to read another tenant\u0027s `FeatureFlagSource` / `InProcessConfiguration` spec contents.\n\n## Impact\n\n- **Single-tenant clusters**: not impacted.\n- **Multi-tenant clusters using namespaces as trust boundaries**: tenant-to-tenant disclosure of any data placed inline in `FeatureFlagSource` / `InProcessConfiguration` spec, including `spec.envVars` literal values, `spec.httpSyncBearerToken`, and sync URIs.\n\n## Behavior is documented\n\nThe cross-namespace `{NAMESPACE}/{NAME}` annotation syntax is intentional and documented in [`docs/annotations.md`](https://github.com/open-feature/open-feature-operator/blob/main/docs/annotations.md) and [`docs/feature_flag_source.md`](https://github.com/open-feature/open-feature-operator/blob/main/docs/feature_flag_source.md). The operator\u0027s cluster-wide RBAC scope is intentional. Namespace-as-trust-boundary is not part of the operator\u0027s current stated security model.\n\nThis advisory makes the tenancy assumption explicit and tracks the architectural change that will eliminate the implicit cross-namespace pattern.\n\n## Corrections to the original report\n\nTwo technical points in the original report require correction:\n\n1. **`secretKeyRef` / `configMapKeyRef` cross-namespace disclosure is not possible via this path.** Kubelet resolves these as `LocalObjectReference` against the pod\u0027s own namespace; the operator does not bypass that. The actual disclosure surface is `FeatureFlagSource` / `InProcessConfiguration` spec contents the operator itself materializes (inline `envVars` values, `httpSyncBearerToken`, sync URIs).\n2. **`create featureflagsources` is not a prerequisite.** The webhook rejects pods without OwnerReferences ([`pod_webhook.go:75-77`](https://github.com/open-feature/open-feature-operator/blob/main/internal/webhook/pod_webhook.go#L75)), so the prerequisite is `create` on a workload controller (`deployments`, `statefulsets`, `daemonsets`, `jobs`, `cronjobs`, `replicasets`) in a namespace the attacker controls. `FeatureFlagSource` create in any namespace is not required.\n\n## Mitigations\n\nAs with any Kubernetes CRD, treat the spec content of `FeatureFlagSource` and `InProcessConfiguration` as readable by anyone with read access to the resource, and don\u0027t place plaintext secrets in CR spec fields. Fields most likely to bite users:\n\n- `spec.sources[].source`, when the URI embeds credentials (e.g. `https://user:pass@host/repo`)\n- `spec.sources[].certPath`, if the path itself is sensitive\n- inline `spec.envVars[].value` (use `valueFrom.secretKeyRef` instead; kubelet enforces same-namespace resolution and the secret value is not stored in the CR)\n\nIf developers treat namespaces as trust boundaries:\n\n- restrict `create` on `featureflagsources` / `inprocessconfigurations` via RBAC where feasible,\n\n## Roadmap\n\nA future release will introduce explicit cluster-scoped CRDs (`ClusterFeatureFlagSource`, `ClusterInProcessConfiguration`) and remove implicit cross-namespace resolution. This is a breaking change tracked in [#847](https://github.com/open-feature/open-feature-operator/issues/847).\n\n## Precedent\n\nThis class of issue (authenticated namespace tenant abuses an unenforced cluster-wide surface that crosses an assumed namespace boundary) has Kubernetes precedent: CVE-2020-8554 (External IPs) was accepted as documented posture and mitigated via an opt-in admission plugin.\n\n## Credit\n\nReported by @0xVijay. Thanks for the disclosure. This appears to be an example of https://cwe.mitre.org/data/definitions/668.html. In terms of how it ended up here, it\u0027s more of an unimplemented security feature than an \"bug\". It seems to deviate from reasonable expectations and conventions in the K8s ecosystem. See https://nvd.nist.gov/vuln/detail/cve-2020-8554 as an example of a comparable vulnerability.",
  "id": "GHSA-398h-7f66-3h4p",
  "modified": "2026-07-15T22:44:48Z",
  "published": "2026-07-15T22:44:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-398h-7f66-3h4p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-feature/open-feature-operator/issues/847"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-feature/open-feature-operator"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clusters"
}

GHSA-3C33-3465-FHX2

Vulnerability from github – Published: 2021-09-08 17:27 – Updated: 2021-07-26 19:20
VLAI
Summary
Exposure of Resource to Wrong Sphere in LibreNMS
Details

An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "librenms/librenms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.65.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-26T19:20:01Z",
    "nvd_published_at": "2020-07-21T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of \"\u0027guard\u0027 =\u003e \u0027admin\u0027\" instead of \"\u0027middleware\u0027 =\u003e [\u0027can:admin\u0027]\" in routes/web.php.",
  "id": "GHSA-3c33-3465-fhx2",
  "modified": "2021-07-26T19:20:01Z",
  "published": "2021-09-08T17:27:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15877"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/pull/11915"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/commit/e5bb6d80bc308fc56b9a01ffb76c34159995353c"
    },
    {
      "type": "WEB",
      "url": "https://community.librenms.org/c/announcements"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/compare/1.65...1.65.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/releases/tag/1.65.1"
    },
    {
      "type": "WEB",
      "url": "https://shielder.it/blog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Resource to Wrong Sphere in LibreNMS"
}

GHSA-3C6C-GJPG-QQ92

Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2025-05-05 18:31
VLAI
Details

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-16T01:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
  "id": "GHSA-3c6c-gjpg-qq92",
  "modified": "2025-05-05T18:31:37Z",
  "published": "2022-02-17T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/pull/561"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202209-24"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220303-0008"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5085"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.