CVEbaza.plCWE DictionaryCWE-344
Common Weakness Enumeration

CWE-344

Use of Invariant Value in Dynamically Changing Context

Category: BaseCVE: 3
Description

The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.

CVE vulnerabilities with CWE-344 (3)
8.6
CVSS
HIGH
CVE-2023-22746

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images) keitaroinc/docker-ckan (keitaro/ckan images).

pub. 2023-02-03
5.3
CVSS
MEDIUM
CVE-2022-36022

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.

pub. 2022-11-10
5.1
CVSS
MEDIUM
CVE-2026-42961

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.

pub. 2026-05-13
Information
ID: CWE-344
Type: Base
Vulnerabilities: 3
MITRE CWE ↗
← CWE Dictionary
CWE-344 — Use of Invariant Value in Dynamically Changing Context | CWE Dictionary | CVEbaza.pl