CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-7VR7-CGHH-CH63
Vulnerability from github – Published: 2023-06-20 16:45 – Updated: 2023-06-20 16:45Impact
The mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated: - the rest response was also containing the mail unobfuscated - user were able to filter and sort on the unobfuscated (allowing to infer the mail content)
The consequence was the possibility to retrieve the email addresses of all users even when obfuscated.
See https://jira.xwiki.org/browse/XWIKI-20333 for the reproduction steps.
Patches
This has been patched in XWiki 14.10.4, XWiki 14.4.8, and XWiki 15.0-rc-1.
Workarounds
The workaround is to modify the page XWiki.LiveTableResultsMacros following this patch.
References
https://jira.xwiki.org/browse/XWIKI-20333
For more information
If you have any questions or comments about this advisory:
- Open an issue in Jira XWiki.org
- Email us at Security Mailing List
Attribution
This vulnerability has been reported on Intigriti by @floerer
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-livetable-ui"
},
"ranges": [
{
"events": [
{
"introduced": "3.5-milestone-1"
},
{
"fixed": "14.4.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-livetable-ui"
},
"ranges": [
{
"events": [
{
"introduced": "14.5"
},
{
"fixed": "14.10.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-34467"
],
"database_specific": {
"cwe_ids": [
"CWE-402",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-20T16:45:32Z",
"nvd_published_at": "2023-06-23T17:15:09Z",
"severity": "HIGH"
},
"details": "### Impact\nThe mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated:\n- the rest response was also containing the mail unobfuscated\n- user were able to filter and sort on the unobfuscated (allowing to infer the mail content)\n\nThe consequence was the possibility to retrieve the email addresses of all users even when obfuscated.\n\nSee https://jira.xwiki.org/browse/XWIKI-20333 for the reproduction steps.\n\n### Patches\nThis has been patched in XWiki 14.10.4, XWiki 14.4.8, and XWiki 15.0-rc-1.\n\n### Workarounds\nThe workaround is to modify the page `XWiki.LiveTableResultsMacros` following this [patch](https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a).\n\n### References\n\nhttps://jira.xwiki.org/browse/XWIKI-20333\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThis vulnerability has been reported on Intigriti by @floerer",
"id": "GHSA-7vr7-cghh-ch63",
"modified": "2023-06-20T16:45:32Z",
"published": "2023-06-20T16:45:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vr7-cghh-ch63"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34467"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20333"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "XWiki Platform may retrieve email addresses of all users "
}
GHSA-7VRG-482W-5MFQ
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104.
{
"affected": [],
"aliases": [
"CVE-2017-16593"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-23T01:29:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104.",
"id": "GHSA-7vrg-482w-5mfq",
"modified": "2022-05-13T01:37:24Z",
"published": "2022-05-13T01:37:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16593"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-958"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7VXG-F9RP-JRR5
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-10-25 19:00An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.
{
"affected": [],
"aliases": [
"CVE-2021-22869"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-24T18:15:00Z",
"severity": "CRITICAL"
},
"details": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.",
"id": "GHSA-7vxg-f9rp-jrr5",
"modified": "2022-10-25T19:00:34Z",
"published": "2022-05-24T19:15:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22869"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16"
},
{
"type": "WEB",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7W77-5FQ4-867J
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1498"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T22:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-7w77-5fq4-867j",
"modified": "2022-07-29T00:00:24Z",
"published": "2022-07-27T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1498"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1297138"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7WG4-8M5P-HRFG
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2023-05-22 18:33HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/nomad"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-3866"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-10T23:51:44Z",
"nvd_published_at": "2022-11-10T06:15:00Z",
"severity": "MODERATE"
},
"details": "HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under `nomad/` that belong to other jobs in the same namespace. Fixed in 1.4.2.",
"id": "GHSA-7wg4-8m5p-hrfg",
"modified": "2023-05-22T18:33:41Z",
"published": "2022-11-10T12:01:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3866"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/commit/3b24f26603e2b116ba324101afa8a7e3a7a769a5"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/nomad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "HashiCorp Nomad vulnerable to non-sensitive metadata exposure"
}
GHSA-7WHC-54GW-FXFM
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2023-11-24 09:30Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2022-38087"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:13Z",
"severity": "MODERATE"
},
"details": "Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
"id": "GHSA-7whc-54gw-fxfm",
"modified": "2023-11-24T09:30:28Z",
"published": "2023-05-10T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38087"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231124-0006"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7WPH-75G6-R67W
Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-15 00:00Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
{
"affected": [],
"aliases": [
"CVE-2022-30746"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-668",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-07T19:15:00Z",
"severity": "HIGH"
},
"details": "Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.",
"id": "GHSA-7wph-75g6-r67w",
"modified": "2022-06-15T00:00:23Z",
"published": "2022-06-08T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30746"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7XJ5-7PQH-PPG7
Vulnerability from github – Published: 2023-09-19 00:30 – Updated: 2024-04-04 07:43An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
{
"affected": [],
"aliases": [
"CVE-2023-39046"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-18T22:15:46Z",
"severity": "MODERATE"
},
"details": "An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.",
"id": "GHSA-7xj5-7pqh-ppg7",
"modified": "2024-04-04T07:43:30Z",
"published": "2023-09-19T00:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39046"
},
{
"type": "WEB",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39046.md"
},
{
"type": "WEB",
"url": "http://tonton-teiwaiting.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-82G9-H5X7-73W7
Vulnerability from github – Published: 2022-12-01 21:30 – Updated: 2022-12-06 18:30IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.
{
"affected": [],
"aliases": [
"CVE-2022-43901"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-01T19:15:00Z",
"severity": "MODERATE"
},
"details": "IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.",
"id": "GHSA-82g9-h5x7-73w7",
"modified": "2022-12-06T18:30:18Z",
"published": "2022-12-01T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43901"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240829"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6842605"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-82R6-6MQQ-4V58
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.
{
"affected": [],
"aliases": [
"CVE-2018-16494"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T19:15:00Z",
"severity": "HIGH"
},
"details": "In VOS and overly permissive \"umask\" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.",
"id": "GHSA-82r6-6mqq-4v58",
"modified": "2022-05-24T19:03:19Z",
"published": "2022-05-24T19:03:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16494"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1168191"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.