CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CVE-2023-39171 (GCVE-0-2023-39171)
Vulnerability from cvelistv5
Published
2023-12-07 14:23
Modified
2025-11-04 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SENEC | Storage Box V1 |
Version: before Nov. 2023 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:39.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/2"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials."
}
],
"value": "SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T14:23:57.124Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/2"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "UNKNOWN"
},
"title": "SENEC Storage Box V1,V2 and V3 accidentially expose a management interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39171",
"datePublished": "2023-12-07T14:23:57.124Z",
"dateReserved": "2023-07-25T14:06:01.345Z",
"dateUpdated": "2025-11-04T19:17:39.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4910 (GCVE-0-2023-4910)
Vulnerability from cvelistv5
Published
2023-11-06 12:49
Modified
2025-10-09 23:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4910",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T15:18:13.339253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:12.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4910"
},
{
"name": "RHBZ#2238498",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"packageName": "3scale-admin-portal",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
}
],
"datePublic": "2023-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T23:48:11.043Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4910"
},
{
"name": "RHBZ#2238498",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238498"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "3scale-admin-portal: logged out users tokens can be accessed",
"workarounds": [
{
"lang": "en",
"value": "No mitigation is yet available for this flaw."
}
],
"x_redhatCweChain": "CWE-668: Exposure of Resource to Wrong Sphere"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4910",
"datePublished": "2023-11-06T12:49:37.751Z",
"dateReserved": "2023-09-12T08:57:04.299Z",
"dateUpdated": "2025-10-09T23:48:11.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13484 (GCVE-0-2024-13484)
Vulnerability from cvelistv5
Published
2025-01-28 17:54
Modified
2025-10-03 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T18:25:37.752075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:02:49.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/redhat-developer/gitops-operator",
"defaultStatus": "unaffected",
"packageName": "gitops-operator",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-rhel8",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-rhel9",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argo-rollouts-rhel8",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/console-plugin-rhel8",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/dex-rhel8",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-operator-bundle",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-rhel8",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-rhel8-operator",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/kam-delivery-rhel8",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.14::el8",
"cpe:/a:redhat:openshift_gitops:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/must-gather-rhel8",
"product": "Red Hat OpenShift GitOps 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.14.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-extensions-rhel8",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-rhel8",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-rhel9",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argo-rollouts-rhel8",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/console-plugin-rhel8",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/dex-rhel8",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-operator-bundle",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-rhel8",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-rhel8-operator",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.15::el9",
"cpe:/a:redhat:openshift_gitops:1.15::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/must-gather-rhel8",
"product": "Red Hat OpenShift GitOps 1.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.15.2-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.16::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-rhel8-operator",
"product": "Red Hat OpenShift GitOps 1.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4c56abf35c11af85501a8c4a2ec30b1f1efd28eee8af6d62e417846a40cde72e",
"versionType": "rpm"
}
]
}
],
"datePublic": "2025-01-28T17:43:15.879Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T19:09:42.412Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:7753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7753"
},
{
"name": "RHSA-2025:8274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"name": "RHSA-2025:9506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9506"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-13484"
},
{
"name": "RHBZ#2269376",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269376"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-13T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-28T17:43:15.879000+00:00",
"value": "Made public."
}
],
"title": "Openshift-gitops-operator-container: namespace isolation break",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-668: Exposure of Resource to Wrong Sphere"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-13484",
"datePublished": "2025-01-28T17:54:28.701Z",
"dateReserved": "2025-01-16T19:04:50.460Z",
"dateUpdated": "2025-10-03T19:09:42.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3019 (GCVE-0-2024-3019)
Vulnerability from cvelistv5
Published
2024-03-28 18:32
Modified
2025-08-27 12:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 4.3.4 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T19:20:31.653267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:49.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2566",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2566"
},
{
"name": "RHSA-2024:3264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3264"
},
{
"name": "RHSA-2024:3321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3321"
},
{
"name": "RHSA-2024:3322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3322"
},
{
"name": "RHSA-2024:3323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3323"
},
{
"name": "RHSA-2024:3324",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3324"
},
{
"name": "RHSA-2024:3325",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3325"
},
{
"name": "RHSA-2024:3392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3392"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3019"
},
{
"name": "RHBZ#2271898",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/performancecopilot/pcp/",
"defaultStatus": "unaffected",
"packageName": "pcp",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "4.3.4",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.3.7-20.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.0.2-8.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.2.5-7.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.2.5-7.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.2.5-7.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.3.5-9.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.3.7-18.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.2.0-2.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.3.5-9.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.0.1-6.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jihwan Yoon (NAVER Cloud Security Analysis) for reporting this issue."
}
],
"datePublic": "2024-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the \u0027Metrics settings\u0027 page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:38:16.738Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2566",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2566"
},
{
"name": "RHSA-2024:3264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3264"
},
{
"name": "RHSA-2024:3321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3321"
},
{
"name": "RHSA-2024:3322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3322"
},
{
"name": "RHSA-2024:3323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3323"
},
{
"name": "RHSA-2024:3324",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3324"
},
{
"name": "RHSA-2024:3325",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3325"
},
{
"name": "RHSA-2024:3392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3392"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3019"
},
{
"name": "RHBZ#2271898",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-03-27T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pcp: exposure of the redis server backend allows remote command execution via pmproxy",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this flaw, stop and disable the pmproxy.service or disable the Redis server backend via the pmproxy configuration file.\n\nTo stop and disable the pmproxy.service, run the following command:\n~~~\n# systemctl disable --now pmproxy.service\n~~~\n\nTo disable the Redis backend server via the pmproxy configuration file:\n~~~\n# sed -i \u0027s/redis.enabled = true/redis.enabled = false/g\u0027 /etc/pcp/pmproxy/pmproxy.conf\n# systemctl restart pmproxy.service\n~~~"
}
],
"x_redhatCweChain": "CWE-668: Exposure of Resource to Wrong Sphere"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-3019",
"datePublished": "2024-03-28T18:32:43.298Z",
"dateReserved": "2024-03-27T17:41:16.708Z",
"dateUpdated": "2025-08-27T12:38:16.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12351 (GCVE-0-2025-12351)
Vulnerability from cvelistv5
Published
2025-10-27 15:03
Modified
2025-10-27 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | S35 3M/5M/8M/Pinhole/Kit Camera |
Version: 2022.02.28 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:14:48.505227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T16:04:11.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "S35 3M/5M/8M/Pinhole/Kit Camera",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "2025.08.28",
"status": "affected",
"version": "2022.02.28",
"versionType": "date"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "S35 AI Fisheye\u0026Dual Sensor/Micro Dome/Full Color Eyeball\u0026Bullet Camera",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "2025.08.22",
"status": "affected",
"version": "2024.08.10",
"versionType": "date"
}
]
},
{
"defaultStatus": "unaffected",
"product": "S35 Thermal Camera",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "2025.08.26",
"status": "affected",
"version": "2024.10.21",
"versionType": "date"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye \u0026amp; Dual Sensor/Micro Dome/Full Color Eyeball \u0026amp; Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye \u0026 Dual Sensor/Micro Dome/Full Color Eyeball \u0026 Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26)."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:03:57.602Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.honeywell.com/us/en/product-security"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inadequate access control measure allows unauthorized users to access restricted administrative functions",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-12351",
"datePublished": "2025-10-27T15:03:57.602Z",
"dateReserved": "2025-10-27T14:59:57.822Z",
"dateUpdated": "2025-10-27T16:04:11.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34064 (GCVE-0-2025-34064)
Vulnerability from cvelistv5
Published
2025-07-01 14:49
Modified
2025-07-01 15:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| One Identity | OneLogin Active Directory Connector (ADC) |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34064",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T15:12:18.763125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T15:12:31.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"AD Connector logging system and cloud configuration for log upload",
"Hardcoded S3 bucket name (onelogin-adc-logs-production)"
],
"product": "OneLogin Active Directory Connector (ADC)",
"vendor": "One Identity",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpecterOps"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eA cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (\u003ccode\u003eonelogin-adc-logs-production\u003c/code\u003e) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation."
}
],
"impacts": [
{
"capecId": "CAPEC-240",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-240 Resource Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:49:34.048Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.onelogin.com/product-notification/noti-00001768"
},
{
"tags": [
"technical-description"
],
"url": "https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34064",
"datePublished": "2025-07-01T14:49:34.048Z",
"dateReserved": "2025-04-15T19:15:22.549Z",
"dateUpdated": "2025-07-01T15:12:31.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34075 (GCVE-0-2025-34075)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary. https://developer.hashicorp.com/vagrant/docs/synced-folders
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-07-16T13:23:44.080Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\u003cbr\u003e\u003cbr\u003eInitially assigned to document an issues that allows guest VM to modify the host\u2019s \u003ccode\u003eVagrantfile\u003c/code\u003e via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary.\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://developer.hashicorp.com/vagrant/docs/synced-folders\"\u003ehttps://developer.hashicorp.com/vagrant/docs/synced-folders\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\n\nInitially assigned to document an issues that allows guest VM to modify the host\u2019s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary.\u00a0 https://developer.hashicorp.com/vagrant/docs/synced-folders"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34075",
"datePublished": "2025-07-02T19:26:01.774Z",
"dateRejected": "2025-07-10T00:34:56.477Z",
"dateReserved": "2025-04-15T19:15:22.550Z",
"dateUpdated": "2025-07-16T13:23:44.080Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34119 (GCVE-0-2025-34119)
Vulnerability from cvelistv5
Published
2025-07-16 21:04
Modified
2025-07-17 19:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tinasoft | EasyCafe Server |
Version: 2.2.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T19:59:31.392804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:59:53.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "EasyCafe Server",
"vendor": "Tinasoft",
"versions": [
{
"status": "affected",
"version": "2.2.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "R-73eN"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data."
}
],
"value": "A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T21:04:35.633Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/39102"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easy-cafe-server-remote-file-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34119",
"datePublished": "2025-07-16T21:04:35.633Z",
"dateReserved": "2025-04-15T19:15:22.561Z",
"dateUpdated": "2025-07-17T19:59:53.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46707 (GCVE-0-2025-46707)
Vulnerability from cvelistv5
Published
2025-06-27 16:53
Modified
2025-07-02 14:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - CWE - Exposure of Resource to Wrong Sphere
Summary
Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Version: 1.17 RTM < Version: 1.18 RTM < Version: 23.2 RTM1 < Patch: 24.1 RTM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T14:25:23.371013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T14:26:00.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.17 RTM",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.18 RTM",
"versionType": "custom"
},
{
"lessThanOrEqual": "23.3 RTM",
"status": "affected",
"version": "23.2 RTM1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.1 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Software installed and running inside a Guest VM may override Firmware\u0027s state and gain access to the GPU.\u003cbr\u003e"
}
],
"value": "Software installed and running inside a Guest VM may override Firmware\u0027s state and gain access to the GPU."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE - CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T16:53:44.938Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - Guest VM can override its own FW VZ connection state after the FW has close it",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2025-46707",
"datePublished": "2025-06-27T16:53:44.938Z",
"dateReserved": "2025-04-28T18:57:24.837Z",
"dateUpdated": "2025-07-02T14:26:00.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54126 (GCVE-0-2025-54126)
Vulnerability from cvelistv5
Published
2025-07-29 21:52
Modified
2025-07-30 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to accept all IP addresses. This can unintentionally expose the service to all incoming connections and bypass intended access restrictions. Services relying on --addr-pool for restricting access by IP may unintentionally become open to all external connections. This may lead to unauthorized access in production deployments, especially when users assume that specifying an IP without a subnet mask implies a default secure configuration. This is fixed in version 2.4.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bytecodealliance | wasm-micro-runtime |
Version: < 2.4.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54126",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T18:12:10.571457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T18:12:22.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wasm-micro-runtime",
"vendor": "bytecodealliance",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebAssembly Micro Runtime\u0027s (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to accept all IP addresses. This can unintentionally expose the service to all incoming connections and bypass intended access restrictions. Services relying on --addr-pool for restricting access by IP may unintentionally become open to all external connections. This may lead to unauthorized access in production deployments, especially when users assume that specifying an IP without a subnet mask implies a default secure configuration. This is fixed in version 2.4.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T21:52:36.253Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-vh64-mfvw-pxqp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-vh64-mfvw-pxqp"
},
{
"name": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/121232a9957a069bbb04ebda053bdc72ab409e7a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/121232a9957a069bbb04ebda053bdc72ab409e7a"
},
{
"name": "https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.1"
}
],
"source": {
"advisory": "GHSA-vh64-mfvw-pxqp",
"discovery": "UNKNOWN"
},
"title": "WebAssembly Micro Runtime\u0027s `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54126",
"datePublished": "2025-07-29T21:52:36.253Z",
"dateReserved": "2025-07-16T23:53:40.509Z",
"dateUpdated": "2025-07-30T18:12:22.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.