VYPR

CWE-668

Exposure of Resource to Wrong Sphere

Class · Draft

Description

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Hierarchy (View 1000)

CVEs mapped to this weakness (268)

page 14 of 14
  • CVE-2019-10365 · Jul 31, 2019
    risk 0.00 cvss epss 0.00

    Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

  • CVE-2019-12274 · Jun 6, 2019
    risk 0.00 cvss epss 0.01

    In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive…

  • CVE-2018-20321 · Apr 10, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated…

  • CVE-2013-4480 · Nov 18, 2013
    risk 0.00 cvss epss 0.02

    Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

  • CVE-2012-1846 · Mar 22, 2012
    risk 0.00 cvss epss 0.04

    Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified…

  • CVE-2004-1489 · Dec 31, 2004
    risk 0.00 cvss epss 0.02

    Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.

  • CVE-2001-0892 · Nov 13, 2001
    risk 0.00 cvss epss 0.02

    Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

  • CVE-2001-0893 · Nov 13, 2001
    risk 0.00 cvss epss 0.03

    Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.