CWE-402 (Transmission of Private Resources into a New Sphere ('Resource Leak')) — Vulnerability Class 22

22 vulnerabilities classified as CWE-402 (Transmission of Private Resources into a New Sphere ('Resource Leak')). AI Chinese analysis included.

CWE-402 represents a critical security weakness where software inadvertently exposes internal resources to untrusted external entities, violating intended access boundaries. This flaw typically arises when applications fail to properly validate or sanitize data during transmission, allowing attackers to intercept sensitive information such as session tokens, configuration details, or private user data. Exploitation often involves network sniffing or man-in-the-middle attacks, enabling adversaries to gain unauthorized access or escalate privileges by leveraging these leaked resources. To mitigate this risk, developers must implement robust access controls and encryption protocols, ensuring that data remains confidential during transit. Strict input validation and adherence to the principle of least privilege further prevent accidental exposure, safeguarding system integrity against unauthorized disclosure and maintaining trust within the application’s operational sphere.

MITRE CWE Description
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
Common Consequences (1)
Confidentiality: Read Application Data
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67745 | Myhoard logs backup encryption key in plain text — myhoard | 7.1 | High | 2025-12-18 |
| CVE-2025-66422 | Tryton trytond security vulnerability — trytond | 4.3 | Medium | 2025-11-30 |
| CVE-2025-55014 | StarDict security vulnerability — StarDict | 4.7 | Medium | 2025-08-04 |
| CVE-2025-49618 | Plesk Obsidian security vulnerability — Obsidian | 5.8 | Medium | 2025-07-03 |
| CVE-2025-52925 | One Identity OneLogin Active Directory Connector security vulnerability — Active Directory Connector | 5.0 | Medium | 2025-07-02 |
| CVE-2025-48383 | Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking — django-select2 | 8.2 | High | 2025-05-27 |
| CVE-2025-32360 | Zammad security vulnerability — Zammad | 4.2 | Medium | 2025-04-05 |
| CVE-2025-29925 | XWiki allows unregistered users to access private pages information through REST endpoint — xwiki-platform | 5.3 | - | 2025-03-19 |
| CVE-2025-0502 | Transmission of Private Resources into a New Sphere in Crafter Engine — CrafterCMS | 9.1 | - | 2025-01-15 |
| CVE-2024-47146 | Ruijie Reyee OS Resource Leak — Reyee OS | 6.5 | Medium | 2024-12-06 |
| CVE-2024-29900 | @electron/packager's build process memory potentially leaked into final executable — packager | 7.5 | High | 2024-03-29 |
| CVE-2024-0443 | Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline. | 5.5 | Medium | 2024-01-11 |
| CVE-2022-3596 | Instack-undercloud: rsync leaks information to undercloud — Red Hat OpenStack Platform 13.0 - ELS | 7.5 | High | 2023-09-20 |
| CVE-2023-4569 | Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c — Kernel | 5.5 | Medium | 2023-08-28 |
| CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted — xwiki-platform | 4.3 | Medium | 2023-07-27 |
| CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users — xwiki-platform | 7.5 | High | 2023-06-23 |
| CVE-2022-30231 | Siemens SICAM GridEdge Essential security vulnerability — SICAM GridEdge (Classic) | 4.9 | Medium | 2022-06-14 |
| CVE-2021-23264 | Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search — Crafter CMS | 8.1 | High | 2021-12-02 |
| CVE-2021-23263 | Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine — Crafter CMS | 5.9 | Medium | 2021-12-02 |
| CVE-2021-31410 | Project sources exposure in Vaadin Designer — Designer | 8.6 | High | 2021-04-23 |
| CVE-2021-31407 | Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 — Vaadin | 8.6 | High | 2021-04-23 |
| CVE-2017-8442 | Elasticsearch X-Pack Security information disclosure vulnerability — Elasticsearch X-Pack Security | 6.5 | - | 2017-07-07 |

Vulnerabilities classified as CWE-402 (Transmission of Private Resources into a New Sphere ('Resource Leak')) represent 22 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.