VYPR

CWE-435

Improper Interaction Between Multiple Correctly-Behaving Entities

PillarDraft

Description

An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.

When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.

Hierarchy (View 1000)

CVEs mapped to this weakness (3)

  • CVE-2020-2287Oct 8, 2020
    risk 0.00cvss epss 0.01

    Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

  • CVE-2020-5255Mar 30, 2020
    risk 0.00cvss epss 0.01

    In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and…

  • CVE-2020-2160Mar 25, 2020
    risk 0.00cvss epss 0.02

    Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.