CVEbaza.plSłownik CWECWE-610
Common Weakness Enumeration

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Kategoria: ClassCVE: 246
Opis

Produkt używa zewnętrznie kontrolowanej nazwy lub referencji, która rozwiązuje się do zasobu poza zamierzoną sferą kontroli. Może to prowadzić do dostępu do nieautoryzowanych zasobów lub obejścia mechanizmów bezpieczeństwa.

Description (EN)

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Podatności CVE z CWE-610 (246)
10.0
CVSS
CRITICAL
CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

pub. 2022-09-08🚩 CISA KEV⚡ EXPLOIT
10.0
CVSS
CRITICAL
CVE-2019-7290

An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.

pub. 2019-12-18
10.0
CVSS
CRITICAL
CVE-2017-16088

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

pub. 2018-06-07
9.9
CVSS
CRITICAL
CVE-2022-39206

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. Attackers need to have an account (or be able to register one) and need permission to create a project. Since code.onedev.io has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. by injecting malware into the docker images that are built and pushed to Docker Hub. The impact is increased by this as described before. Users are advised to upgrade to 7.3.0 or higher. There are no known workarounds for this issue.

pub. 2022-09-13
9.8
CVSS
CRITICAL
CVE-2022-20239

remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091

pub. 2022-08-10
9.8
CVSS
CRITICAL
CVE-2021-44041

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV file path.

pub. 2021-12-14
9.8
CVSS
CRITICAL
CVE-2021-43685

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.

pub. 2021-12-01
9.8
CVSS
CRITICAL
CVE-2020-14057

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.

pub. 2020-07-01
9.8
CVSS
CRITICAL
CVE-2020-9752

Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.

pub. 2020-03-23
9.6
CVSS
CRITICAL
CVE-2026-30903

Podatność w funkcji Mail aplikacji Zoom Workplace dla Windows umożliwia niezautoryzowanemu użytkownikowi eskalację uprawnień poprzez sieć. Wysoka ocena CVSS 9.6 wskazuje na poważne zagrożenie dla integralności, poufności i dostępności systemu.

pub. 2026-03-11
9.2
CVSS
CRITICAL
CVE-2026-47357

Tenable Terrascan w wersji v1.18.3 i wcześniejszych jest podatny na atak Server-Side Request Forgery (SSRF) poprzez parametr remote_url w endpoincie zdalnego skanowania katalogów. Atakujący bez uwierzytelnienia może odczytać lokalne pliki systemowe oraz wykraść dane uwierzytelniające przechowywane w pliku ~/.netrc.

pub. 2026-05-19
9.2
CVSS
CRITICAL
CVE-2026-47358

Tenable Terrascan w wersji 1.18.3 i wcześniejszych jest podatny na atak Server-Side Request Forgery (SSRF) podczas przetwarzania szablonów IaC (ARM lub CloudFormation) przesłanych do serwera. Podatność jest szczególnie groźna, ponieważ narzędzie nie wymaga uwierzytelnienia, działa domyślnie na interfejsie 0.0.0.0, a projekt nie otrzyma już żadnych poprawek — został zarchiwizowany w sierpniu 2023 r.

pub. 2026-05-19
9.1
CVSS
CRITICAL
CVE-2024-5823

W aplikacji gaizhenbiao/ChuanhuChatGPT w wersjach do 20240410 włącznie istnieje podatność umożliwiająca nieuwierzytelnionemu atakującemu zdalne nadpisanie krytycznych plików konfiguracyjnych systemu. Może to prowadzić do nieautoryzowanej zmiany zachowania aplikacji lub ustawień bezpieczeństwa, a także do wywołania stanu odmowy usługi (DoS).

pub. 2024-10-29
9.1
CVSS
CRITICAL
CVE-2024-32980

Podatność w narzędziu Spin (platforma do budowania aplikacji serverless na WebAssembly) umożliwia atakującemu wymuszenie na aplikacji wykonania żądań do dowolnych hostów poprzez manipulację nagłówkiem HTTP `Host`. Dotyczy wersji wcześniejszych niż 2.4.3 i może prowadzić do poważnego naruszenia poufności oraz integralności danych.

pub. 2024-05-08
9.1
CVSS
CRITICAL
CVE-2021-41244

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.

pub. 2021-11-15
9.0
CVSS
CRITICAL
CVE-2025-22144

Oprogramowanie NamelessMC (platforma stron internetowych dla serwerów Minecraft) zawiera podatność umożliwiającą atakującemu zresetowanie hasła dowolnego użytkownika ręcznie zatwierdzonego przez administratora. Luka pozwala na całkowite przejęcie konta ofiary bez znajomości jej aktualnego hasła.

pub. 2025-01-13
9.0
CVSS
CRITICAL
CVE-2021-27648

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.

pub. 2021-04-28
8.9
CVSS
HIGH
CVE-2024-42168

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.

pub. 2025-01-11
8.8
CVSS
HIGH
CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

pub. 2026-06-24
8.8
CVSS
HIGH
CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

pub. 2026-05-12
Pokazano 20 z 246 podatności
Informacje
ID: CWE-610
Typ: Class
Podatności: 246
MITRE CWE ↗
← Słownik CWE
CWE-610 — Zewnętrznie kontrolowana referencja do zasobu w innej sferze | Słownik CWE | CVEbaza.pl