CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1251 vulnerabilities reference this CWE, most recent first.
GHSA-42FH-PVVH-999X
Vulnerability from github – Published: 2025-04-16 15:33 – Updated: 2025-04-17 12:39Impact
This vulnerability impacts users of a subwiki of XWiki where Message Stream is enabled and use, if they configured their wiki to be closed by selecting "Prevent unregistered users to view pages" in the Administrations Rights.
The vulnerability is that any message sent in a subwiki to "everyone" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private.
Patches
This problem has not been patched and is not going to be patched in the future: Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore.
Workarounds
Message Stream is disabled by default, it's advised to keep it disabled from Administration > Social > Message Stream.
References
- https://jira.xwiki.org/browse/XWIKI-17154
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-messagestream"
},
"ranges": [
{
"events": [
{
"introduced": "5.0"
},
{
"last_affected": "16.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32783"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-16T15:33:35Z",
"nvd_published_at": "2025-04-16T22:15:14Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThis vulnerability impacts users of a subwiki of XWiki where Message Stream is enabled and use, if they configured their wiki to be closed by selecting \"Prevent unregistered users to view pages\" in the Administrations Rights. \n\nThe vulnerability is that any message sent in a subwiki to \"everyone\" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private.\n\n### Patches\n\nThis problem has not been patched and is not going to be patched in the future: Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. \n\n### Workarounds\n\nMessage Stream is disabled by default, it\u0027s advised to keep it disabled from Administration \u003e Social \u003e Message Stream.\n\n### References\n\n * https://jira.xwiki.org/browse/XWIKI-17154",
"id": "GHSA-42fh-pvvh-999x",
"modified": "2025-04-17T12:39:18Z",
"published": "2025-04-16T15:33:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-42fh-pvvh-999x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32783"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-17154"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Unregistered users can see \"public\" messages from a closed wiki via notifications from a different wiki"
}
GHSA-42G8-5X99-8WWM
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2021-31410"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-23T17:15:00Z",
"severity": "HIGH"
},
"details": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.",
"id": "GHSA-42g8-5x99-8wwm",
"modified": "2022-05-24T17:48:44Z",
"published": "2022-05-24T17:48:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31410"
},
{
"type": "WEB",
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-42WV-RQ8P-RM59
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free.
{
"affected": [],
"aliases": [
"CVE-2020-21503"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-05T22:15:00Z",
"severity": "HIGH"
},
"details": "waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift\u0026a=addsave credit parameter to -1, the product is sold for free.",
"id": "GHSA-42wv-rq8p-rm59",
"modified": "2022-05-24T19:16:50Z",
"published": "2022-05-24T19:16:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21503"
},
{
"type": "WEB",
"url": "https://github.com/caokang/waimai/issues/15"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-438X-9G8X-78P5
Vulnerability from github – Published: 2023-06-13 21:30 – Updated: 2025-02-13 18:31ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.
Additional Details
This issue is present in the following supported ServiceNow releases:
- Quebec prior to Patch 10 Hot Fix 8b
- Rome prior to Patch 10 Hot Fix 1
- San Diego prior to Patch 7
- Tokyo prior to Tokyo Patch 1; and
- Utah prior to Utah General Availability
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
{
"affected": [],
"aliases": [
"CVE-2022-43684"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T19:15:09Z",
"severity": "MODERATE"
},
"details": "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n * Quebec prior to Patch 10 Hot Fix 8b\n * Rome prior to Patch 10 Hot Fix 1\n * San Diego prior to Patch 7\n * Tokyo prior to Tokyo Patch 1; and \n * Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.",
"id": "GHSA-438x-9g8x-78p5",
"modified": "2025-02-13T18:31:37Z",
"published": "2023-06-13T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43684"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=36638530"
},
{
"type": "WEB",
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1303489"
},
{
"type": "WEB",
"url": "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-43CW-WCF7-W8FV
Vulnerability from github – Published: 2022-03-19 00:00 – Updated: 2022-03-29 00:01An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access.
{
"affected": [],
"aliases": [
"CVE-2022-22598"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-18T18:15:00Z",
"severity": "LOW"
},
"details": "An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access.",
"id": "GHSA-43cw-wcf7-w8fv",
"modified": "2022-03-29T00:01:34Z",
"published": "2022-03-19T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22598"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-43J3-XVP9-VV7J
Vulnerability from github – Published: 2022-10-12 12:00 – Updated: 2022-10-14 19:00Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
{
"affected": [],
"aliases": [
"CVE-2022-39015"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-11T21:15:00Z",
"severity": "MODERATE"
},
"details": "Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.",
"id": "GHSA-43j3-xvp9-vv7j",
"modified": "2022-10-14T19:00:39Z",
"published": "2022-10-12T12:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39015"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3239293"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-43RF-FWX9-64W8
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-07-13 00:01In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.
{
"affected": [],
"aliases": [
"CVE-2021-41590"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-27T14:15:00Z",
"severity": "MODERATE"
},
"details": "In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.",
"id": "GHSA-43rf-fwx9-64w8",
"modified": "2022-07-13T00:01:41Z",
"published": "2022-05-24T19:18:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41590"
},
{
"type": "WEB",
"url": "https://security.gradle.com"
},
{
"type": "WEB",
"url": "https://security.gradle.com/advisory/2021-07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-43WV-W8Q4-MCVR
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2025-10-22 00:33Windows MSHTML Platform Spoofing Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38112"
],
"database_specific": {
"cwe_ids": [
"CWE-451",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:47Z",
"severity": "HIGH"
},
"details": "Windows MSHTML Platform Spoofing Vulnerability",
"id": "GHSA-43wv-w8q4-mcvr",
"modified": "2025-10-22T00:33:04Z",
"published": "2024-07-09T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38112"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38112"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-443J-7M97-75J3
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191.
{
"affected": [],
"aliases": [
"CVE-2017-16600"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-23T01:29:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191.",
"id": "GHSA-443j-7m97-75j3",
"modified": "2022-05-13T01:37:24Z",
"published": "2022-05-13T01:37:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16600"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-965"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102528"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-44X5-VV7X-RXJ5
Vulnerability from github – Published: 2022-01-25 00:01 – Updated: 2023-08-08 15:31An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.
{
"affected": [],
"aliases": [
"CVE-2022-23856"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-24T02:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.",
"id": "GHSA-44x5-vv7x-rxj5",
"modified": "2023-08-08T15:31:37Z",
"published": "2022-01-25T00:01:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23856"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/692873"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.