
CWE-668 (Exposure of Resource to Wrong Sphere) — Vulnerability Class, 129 CVEs

129 vulnerabilities classified as CWE-668 (Exposure of Resource to Wrong Sphere). AI-generated Chinese analysis included.

CWE-668 represents a critical access control weakness where software inadvertently exposes sensitive resources, such as files or directories, to unauthorized actors outside their intended security boundary. This vulnerability typically arises from misconfigured permissions, logic errors that target the wrong object, or flawed trust assumptions between different system spheres. Attackers exploit these flaws by leveraging improper access rights to read, modify, or delete protected data, often bypassing intended isolation mechanisms. To mitigate this risk, developers must enforce strict least-privilege principles, ensuring resources are accessible only to the specific processes or users requiring them. Implementing robust access control lists, validating object references before operations, and conducting thorough code reviews for permission settings are essential practices. By rigorously defining and enforcing security boundaries, organizations can prevent unintended data exposure and maintain the integrity of their system architecture against sphere-crossing attacks.

MITRE CWE Description
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Resources such as files and directories may be inadvertently exposed through mechanisms such as insecure permissions, or when a program accidentally operates on the wrong object. For example, a program may intend that private files can only be provided to a specific user. This effectively defines a control sphere that is intended to prevent attackers from accessing these private files. If the file permissions are insecure, then parties other than the user will be able to access those files. A separate control sphere might effectively require that the user can only access the private files, but not any other files on the system. If the program does not ensure that the user is only requesting private files, then the user might be able to access other files on the system. In either case, the end result is that a resource has been exposed to the wrong party.
Common Consequences (3)

Confidentiality — Read Application Data
An adversary that gains access to a resource exposed to a wrong sphere could potentially retrieve private data from that resource, thus breaking the intended confidentiality of that data.

Integrity — Modify Application Data
An adversary that gains access to a resource exposed to a wrong sphere could potentially modify data held within that resource, thus breaking the intended integrity of that data and causing the system relying on that resource to make unintended decisions.

Other — Varies by Context
The consequences may vary widely depending on how the product uses the affected resource.
| CVE ID | Title | Affected Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2020-5386 | Dell EMC ECS security vulnerability | Elastic Cloud Storage | 7.5 | - | 2020-09-02 |
| CVE-2020-12020 | Baxter ExactaMix EM2400 and ExactaMix EM1200 security vulnerability | Baxter ExactaMix EM 2400 & EM 1200 | 3.3 | - | 2020-06-29 |
| CVE-2020-10271 | RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones | MiR100 | 9.8 | - | 2020-06-24 |
| CVE-2020-12142 | IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials | 1. Unity EdgeConnect, NX, VX; 2. Unity Orchestrator; 3. EdgeConnect in AWS, Azure, GCP | 4.8 | Medium | 2020-05-05 |
| CVE-2019-3682 | Insecure API port exposed to all Master Node guest containers | SUSE CaaS Platform 3.0 | 8.4 | High | 2020-01-17 |
| CVE-2019-13546 | Philips IntelliSpace Perinatal security vulnerability | IntelliSpace Perinatal | 6.8 | - | 2019-10-25 |
| CVE-2019-12660 | Cisco IOS XE Software ASIC Register Write Vulnerability | Cisco IOS XE Software 3.2.11aSG | 5.5 | - | 2019-09-25 |
| CVE-2019-1848 | Cisco DNA Center Authentication Bypass Vulnerability | Cisco Digital Network Architecture Center (DNA Center) | 8.1 | - | 2019-06-20 |
| CVE-2018-8861 | Multiple Philips Brilliance CT device security vulnerabilities | Brilliance CT Scanners | 8.7 | - | 2018-05-04 |

Vulnerabilities classified as CWE-668 (Exposure of Resource to Wrong Sphere) account for 129 CVEs. The CWE entry describes the weakness class; review individual CVEs for product-specific impact.