Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1252 vulnerabilities reference this CWE, most recent first.

GHSA-7563-75J9-6H5P

Vulnerability from github – Published: 2022-03-14 22:26 – Updated: 2022-03-15 21:47
VLAI
Summary
Sensitive Information Exposure in Sylius
Details

Impact

Any other user can view the data if the browser tab remains open after logging out. Once someone logs out and leaves the browser open, the potential attacker may use the back button to see the content exposed on given screens. No action may be performed though, and any website refresh will block further reads. It may, however, lead to a data leak, like for example customer details, payment gateway configuration, etc.- but only if these were pages checked by the administrator.

This vulnerability requires full access to the computer to take advantage of it.

Patches

The issue is fixed in versions: 1.9.10, 1.10.11, 1.11.2 and above.

Workarounds

The application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content (like no-store). It can be achieved with the following class:

<?php

declare(strict_types=1);

namespace App\EventListener;

use App\SectionResolver\ShopCustomerAccountSubSection;
use Sylius\Bundle\AdminBundle\SectionResolver\AdminSection;
use Sylius\Bundle\CoreBundle\SectionResolver\SectionProviderInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class CacheControlSubscriber implements EventSubscriberInterface
{
    /** @var SectionProviderInterface */
    private $sectionProvider;

    public function __construct(SectionProviderInterface $sectionProvider)
    {
        $this->sectionProvider = $sectionProvider;
    }

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::RESPONSE => 'setCacheControlDirectives',
        ];
    }

    public function setCacheControlDirectives(ResponseEvent $event): void
    {
        if (
            !$this->sectionProvider->getSection() instanceof AdminSection &&
            !$this->sectionProvider->getSection() instanceof ShopCustomerAccountSubSection
        ) {
            return;
        }

        $response = $event->getResponse();

        $response->headers->addCacheControlDirective('no-cache', true);
        $response->headers->addCacheControlDirective('max-age', '0');
        $response->headers->addCacheControlDirective('must-revalidate', true);
        $response->headers->addCacheControlDirective('no-store', true);
    }
}

After that register service in the container:

services:
    App\EventListener\CacheControlSubscriber:
        arguments: ['@sylius.section_resolver.uri_based_section_resolver']
        tags:
            - { name: kernel.event_subscriber, event: kernel.response }

The code above requires changes in ShopUriBasedSectionResolver in order to work. To backport mentioned logic, you need to replace the Sylius\Bundle\ShopBundle\SectionResolver\ShopUriBasedSectionResolver class with:

<?php

declare(strict_types=1);

namespace App\SectionResolver;

use Sylius\Bundle\CoreBundle\SectionResolver\SectionInterface;
use Sylius\Bundle\CoreBundle\SectionResolver\UriBasedSectionResolverInterface;
use Sylius\Bundle\ShopBundle\SectionResolver\ShopSection;

final class ShopUriBasedSectionResolver implements UriBasedSectionResolverInterface
{
    /** @var string */
    private $shopCustomerAccountUri;

    public function __construct(string $shopCustomerAccountUri = 'account')
    {
        $this->shopCustomerAccountUri = $shopCustomerAccountUri;
    }

    public function getSection(string $uri): SectionInterface
    {
        if (str_contains($uri, $this->shopCustomerAccountUri)) {
            return new ShopCustomerAccountSubSection();
        }

        return new ShopSection();
    }
}
services:
    sylius.section_resolver.shop_uri_based_section_resolver:
        class: App\SectionResolver\ShopUriBasedSectionResolver
        tags:
            - { name: sylius.uri_based_section_resolver, priority: -10 }

You also need to define a new subsection for the Customer Account that is used in the above services:

<?php

declare(strict_types=1);

namespace App\SectionResolver;

use Sylius\Bundle\ShopBundle\SectionResolver\ShopSection;

class ShopCustomerAccountSubSection extends ShopSection
{
}

References

  • Originally published at https://huntr.dev/

For more information

If you have any questions or comments about this advisory: * Open an issue in Sylius issues * Email us at security@sylius.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10"
            },
            {
              "fixed": "1.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11"
            },
            {
              "fixed": "1.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24742"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-213",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-14T22:26:58Z",
    "nvd_published_at": "2022-03-14T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAny other user can view the data if the browser tab remains open after logging out. Once someone logs out and leaves the browser open, the potential attacker may use the back button to see the content exposed on given screens. No action may be performed though, and any website refresh will block further reads. It may, however, lead to a data leak, like for example customer details, payment gateway configuration, etc.- but only if these were pages checked by the administrator. \n\nThis vulnerability requires full access to the computer to take advantage of it.\n\n### Patches\nThe issue is fixed in versions: 1.9.10, 1.10.11, 1.11.2 and above.\n\n### Workarounds\nThe application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content (like no-store). It can be achieved with the following class:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\EventListener;\n\nuse App\\SectionResolver\\ShopCustomerAccountSubSection;\nuse Sylius\\Bundle\\AdminBundle\\SectionResolver\\AdminSection;\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\SectionProviderInterface;\nuse Symfony\\Component\\EventDispatcher\\EventSubscriberInterface;\nuse Symfony\\Component\\HttpKernel\\Event\\ResponseEvent;\nuse Symfony\\Component\\HttpKernel\\KernelEvents;\n\nfinal class CacheControlSubscriber implements EventSubscriberInterface\n{\n    /** @var SectionProviderInterface */\n    private $sectionProvider;\n\n    public function __construct(SectionProviderInterface $sectionProvider)\n    {\n        $this-\u003esectionProvider = $sectionProvider;\n    }\n\n    public static function getSubscribedEvents(): array\n    {\n        return [\n            KernelEvents::RESPONSE =\u003e \u0027setCacheControlDirectives\u0027,\n        ];\n    }\n\n    public function setCacheControlDirectives(ResponseEvent $event): void\n    {\n        if (\n            !$this-\u003esectionProvider-\u003egetSection() instanceof AdminSection \u0026\u0026\n            !$this-\u003esectionProvider-\u003egetSection() instanceof ShopCustomerAccountSubSection\n        ) {\n            return;\n        }\n\n        $response = $event-\u003egetResponse();\n\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027no-cache\u0027, true);\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027max-age\u0027, \u00270\u0027);\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027must-revalidate\u0027, true);\n        $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027no-store\u0027, true);\n    }\n}\n```\n\nAfter that register service in the container:\n\n```yaml\nservices:\n    App\\EventListener\\CacheControlSubscriber:\n        arguments: [\u0027@sylius.section_resolver.uri_based_section_resolver\u0027]\n        tags:\n            - { name: kernel.event_subscriber, event: kernel.response }\n```\n\nThe code above requires changes in `ShopUriBasedSectionResolver` in order to work. To backport mentioned logic, you need to replace the `Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopUriBasedSectionResolver` class with:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\SectionResolver;\n\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\SectionInterface;\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\UriBasedSectionResolverInterface;\nuse Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopSection;\n\nfinal class ShopUriBasedSectionResolver implements UriBasedSectionResolverInterface\n{\n    /** @var string */\n    private $shopCustomerAccountUri;\n\n    public function __construct(string $shopCustomerAccountUri = \u0027account\u0027)\n    {\n        $this-\u003eshopCustomerAccountUri = $shopCustomerAccountUri;\n    }\n\n    public function getSection(string $uri): SectionInterface\n    {\n        if (str_contains($uri, $this-\u003eshopCustomerAccountUri)) {\n            return new ShopCustomerAccountSubSection();\n        }\n\n        return new ShopSection();\n    }\n}\n```\n\n```yaml\nservices:\n    sylius.section_resolver.shop_uri_based_section_resolver:\n        class: App\\SectionResolver\\ShopUriBasedSectionResolver\n        tags:\n            - { name: sylius.uri_based_section_resolver, priority: -10 }\n```\n\nYou also need to define a new subsection for the Customer Account that is used in the above services:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\SectionResolver;\n\nuse Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopSection;\n\nclass ShopCustomerAccountSubSection extends ShopSection\n{\n}\n```\n\n### References\n* Originally published at https://huntr.dev/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues)\n* Email us at security@sylius.com\n",
  "id": "GHSA-7563-75j9-6h5p",
  "modified": "2022-03-15T21:47:08Z",
  "published": "2022-03-14T22:26:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24742"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Sylius/Sylius"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.9.10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sensitive Information Exposure in Sylius"
}

GHSA-7578-VF2V-F2RQ

Vulnerability from github – Published: 2022-09-07 00:01 – Updated: 2022-09-13 00:00
VLAI
Details

A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-06T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.",
  "id": "GHSA-7578-vf2v-f2rq",
  "modified": "2022-09-13T00:00:40Z",
  "published": "2022-09-07T00:01:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23690"
    },
    {
      "type": "WEB",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7595-H4Q6-XM39

Vulnerability from github – Published: 2021-12-16 00:02 – Updated: 2022-05-24 00:00
VLAI
Details

Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability",
  "id": "GHSA-7595-h4q6-xm39",
  "modified": "2022-05-24T00:00:48Z",
  "published": "2021-12-16T00:02:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43216"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43216"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75GV-HVW9-RJ3C

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-12 12:00
VLAI
Details

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.",
  "id": "GHSA-75gv-hvw9-rj3c",
  "modified": "2022-10-12T12:00:21Z",
  "published": "2022-10-07T18:15:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39864"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75PH-HRV9-H6F8

Vulnerability from github – Published: 2023-05-23 21:30 – Updated: 2024-04-04 04:19
VLAI
Details

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-359",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-23T20:15:09Z",
    "severity": "HIGH"
  },
  "details": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.\n\n",
  "id": "GHSA-75ph-hrv9-h6f8",
  "modified": "2024-04-04T04:19:16Z",
  "published": "2023-05-23T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2703"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-23-0283"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75XQ-8H5M-HRPV

Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-04 19:01
VLAI
Details

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-03T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "\"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427.\"",
  "id": "GHSA-75xq-8h5m-hrpv",
  "modified": "2022-11-04T19:01:16Z",
  "published": "2022-11-04T12:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22442"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6829325"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-766V-Q9X3-G744

Vulnerability from github – Published: 2026-04-08 19:21 – Updated: 2026-06-19 21:33
VLAI
Summary
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
Details

Summary

The MultiAgentLedger and MultiAgentMonitor components in the provided code exhibit vulnerabilities that can lead to context leakage and arbitrary file operations. Specifically: 1. Memory State Leakage via Agent ID Collision: The MultiAgentLedger uses a dictionary to store ledgers by agent ID without enforcing uniqueness. This allows agents with the same ID to share ledger instances, leading to potential leakage of sensitive context data. 2. Path Traversal in MultiAgentMonitor: The MultiAgentMonitor constructs file paths by concatenating the base_path and agent ID without sanitization. This allows an attacker to escape the intended directory using path traversal sequences (e.g., ../), potentially leading to arbitrary file read/write.

Details

Vulnerability 1: Memory State Leakage

  • File: examples/context/12_multi_agent_context.py:68
  • Description: The MultiAgentLedger class uses a dictionary (self.ledgers) to store ledger instances keyed by agent ID. The get_agent_ledger method creates a new ledger only if the agent ID is not present. If two agents are registered with the same ID, they will share the same ledger instance. This violates the isolation policy and can lead to leakage of sensitive context data (system prompts, conversation history) between agents.
  • Exploitability: An attacker can register an agent with the same ID as a victim agent to gain access to their ledger. This is particularly dangerous in multi-tenant systems where agents may handle sensitive user data.

Vulnerability 2: Path Traversal

  • File: examples/context/12_multi_agent_context.py:106
  • Description: The MultiAgentMonitor class constructs file paths for agent monitors by directly concatenating the base_path and agent ID. Since the agent ID is not sanitized, an attacker can provide an ID containing path traversal sequences (e.g., ../../malicious). This can result in files being created or read outside the intended directory (base_path).
  • Exploitability: An attacker can create an agent with a malicious ID (e.g., ../../etc/passwd) to write or read arbitrary files on the system, potentially leading to information disclosure or file corruption.

PoC

Memory State Leakage

multi_ledger = MultiAgentLedger()

# Victim agent (user1) registers and tracks sensitive data
victim_ledger = multi_ledger.get_agent_ledger('user1_agent')
victim_ledger.track_system_prompt("Sensitive system prompt")
victim_ledger.track_history([{"role": "user", "content": "Secret data"}])

# Attacker registers with the same ID
attacker_ledger = multi_ledger.get_agent_ledger('user1_agent')

# Attacker now has access to victim's ledger
print(attacker_ledger.get_ledger().system_prompt)  # Outputs: "Sensitive system prompt"
print(attacker_ledger.get_ledger().history)        # Outputs: [{'role': 'user', 'content': 'Secret data'}]

Path Traversal

with tempfile.TemporaryDirectory() as tmpdir:
    multi_monitor = MultiAgentMonitor(base_path=tmpdir)

    # Create agent with malicious ID
    malicious_id = '../../malicious'
    monitor = multi_monitor.get_agent_monitor(malicious_id)

    # The monitor file is created outside the intended base_path
    # Example: if tmpdir is '/tmp/safe_dir', the actual path might be '/tmp/malicious'
    print(monitor.path)  # Outputs: '/tmp/malicious' (or equivalent)

Impact

  • Memory State Leakage: This vulnerability can lead to unauthorized access to sensitive agent context, including system prompts and conversation history. In a multi-tenant system, this could result in cross-user data leakage.
  • Path Traversal: An attacker can read or write arbitrary files on the system, potentially leading to information disclosure, denial of service (by overwriting critical files), or remote code execution (if executable files are overwritten).

Recommended Fix

For Memory State Leakage

  • Enforce unique agent IDs at the application level. If the application expects unique IDs, add a check during agent registration to prevent duplicates.
  • Alternatively, modify the MultiAgentLedger to throw an exception if an existing agent ID is reused (unless explicitly allowed).

For Path Traversal

  • Sanitize agent IDs before using them in file paths. Replace any non-alphanumeric characters (except safe ones like underscores) or remove path traversal sequences.
  • Use os.path.join and os.path.realpath to resolve paths, then check that the resolved path starts with the intended base directory.

Example fix for MultiAgentMonitor:

import os

def get_agent_monitor(self, agent_id: str):
    # Sanitize agent_id to remove path traversal
    safe_id = os.path.basename(agent_id.replace('../', '').replace('..\\', ''))
    # Alternatively, use a strict allow-list of characters

    # Construct path and ensure it's within base_path
    agent_path = os.path.join(self.base_path, safe_id)
    real_path = os.path.realpath(agent_path)
    real_base = os.path.realpath(self.base_path)

    if not real_path.startswith(real_base):
        raise ValueError(f"Invalid agent ID: {agent_id}")

    ...

Additionally, consider using a dedicated function for sanitizing filenames.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.5.114"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "praisonaiagents"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.115"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-56078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-08T19:21:32Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\nThe `MultiAgentLedger` and `MultiAgentMonitor` components in the provided code exhibit vulnerabilities that can lead to context leakage and arbitrary file operations. Specifically:\n1. **Memory State Leakage via Agent ID Collision**: The `MultiAgentLedger` uses a dictionary to store ledgers by agent ID without enforcing uniqueness. This allows agents with the same ID to share ledger instances, leading to potential leakage of sensitive context data.\n2. **Path Traversal in MultiAgentMonitor**: The `MultiAgentMonitor` constructs file paths by concatenating the `base_path` and agent ID without sanitization. This allows an attacker to escape the intended directory using path traversal sequences (e.g., `../`), potentially leading to arbitrary file read/write.\n\n## Details\n### Vulnerability 1: Memory State Leakage\n- **File**: `examples/context/12_multi_agent_context.py:68`\n- **Description**: The `MultiAgentLedger` class uses a dictionary (`self.ledgers`) to store ledger instances keyed by agent ID. The `get_agent_ledger` method creates a new ledger only if the agent ID is not present. If two agents are registered with the same ID, they will share the same ledger instance. This violates the isolation policy and can lead to leakage of sensitive context data (system prompts, conversation history) between agents.\n- **Exploitability**: An attacker can register an agent with the same ID as a victim agent to gain access to their ledger. This is particularly dangerous in multi-tenant systems where agents may handle sensitive user data.\n\n### Vulnerability 2: Path Traversal\n- **File**: `examples/context/12_multi_agent_context.py:106`\n- **Description**: The `MultiAgentMonitor` class constructs file paths for agent monitors by directly concatenating the `base_path` and agent ID. Since the agent ID is not sanitized, an attacker can provide an ID containing path traversal sequences (e.g., `../../malicious`). This can result in files being created or read outside the intended directory (`base_path`).\n- **Exploitability**: An attacker can create an agent with a malicious ID (e.g., `../../etc/passwd`) to write or read arbitrary files on the system, potentially leading to information disclosure or file corruption.\n\n## PoC\n### Memory State Leakage\n```python\nmulti_ledger = MultiAgentLedger()\n\n# Victim agent (user1) registers and tracks sensitive data\nvictim_ledger = multi_ledger.get_agent_ledger(\u0027user1_agent\u0027)\nvictim_ledger.track_system_prompt(\"Sensitive system prompt\")\nvictim_ledger.track_history([{\"role\": \"user\", \"content\": \"Secret data\"}])\n\n# Attacker registers with the same ID\nattacker_ledger = multi_ledger.get_agent_ledger(\u0027user1_agent\u0027)\n\n# Attacker now has access to victim\u0027s ledger\nprint(attacker_ledger.get_ledger().system_prompt)  # Outputs: \"Sensitive system prompt\"\nprint(attacker_ledger.get_ledger().history)        # Outputs: [{\u0027role\u0027: \u0027user\u0027, \u0027content\u0027: \u0027Secret data\u0027}]\n```\n\n### Path Traversal\n```python\nwith tempfile.TemporaryDirectory() as tmpdir:\n    multi_monitor = MultiAgentMonitor(base_path=tmpdir)\n    \n    # Create agent with malicious ID\n    malicious_id = \u0027../../malicious\u0027\n    monitor = multi_monitor.get_agent_monitor(malicious_id)\n    \n    # The monitor file is created outside the intended base_path\n    # Example: if tmpdir is \u0027/tmp/safe_dir\u0027, the actual path might be \u0027/tmp/malicious\u0027\n    print(monitor.path)  # Outputs: \u0027/tmp/malicious\u0027 (or equivalent)\n```\n\n## Impact\n- **Memory State Leakage**: This vulnerability can lead to unauthorized access to sensitive agent context, including system prompts and conversation history. In a multi-tenant system, this could result in cross-user data leakage.\n- **Path Traversal**: An attacker can read or write arbitrary files on the system, potentially leading to information disclosure, denial of service (by overwriting critical files), or remote code execution (if executable files are overwritten).\n\n## Recommended Fix\n### For Memory State Leakage\n- Enforce unique agent IDs at the application level. If the application expects unique IDs, add a check during agent registration to prevent duplicates.\n- Alternatively, modify the `MultiAgentLedger` to throw an exception if an existing agent ID is reused (unless explicitly allowed).\n\n### For Path Traversal\n- Sanitize agent IDs before using them in file paths. Replace any non-alphanumeric characters (except safe ones like underscores) or remove path traversal sequences.\n- Use `os.path.join` and `os.path.realpath` to resolve paths, then check that the resolved path starts with the intended base directory.\n\nExample fix for `MultiAgentMonitor`:\n```python\nimport os\n\ndef get_agent_monitor(self, agent_id: str):\n    # Sanitize agent_id to remove path traversal\n    safe_id = os.path.basename(agent_id.replace(\u0027../\u0027, \u0027\u0027).replace(\u0027..\\\\\u0027, \u0027\u0027))\n    # Alternatively, use a strict allow-list of characters\n    \n    # Construct path and ensure it\u0027s within base_path\n    agent_path = os.path.join(self.base_path, safe_id)\n    real_path = os.path.realpath(agent_path)\n    real_base = os.path.realpath(self.base_path)\n    \n    if not real_path.startswith(real_base):\n        raise ValueError(f\"Invalid agent ID: {agent_id}\")\n    \n    ...\n```\nAdditionally, consider using a dedicated function for sanitizing filenames.",
  "id": "GHSA-766v-q9x3-g744",
  "modified": "2026-06-19T21:33:34Z",
  "published": "2026-04-08T19:21:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-766v-q9x3-g744"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56078"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MervinPraison/PraisonAI"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/praisonai-arbitrary-file-read-and-write-via-path-traversal-in-multiagentmonitor"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling"
}

GHSA-76Q4-6GM8-M28C

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-15T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.",
  "id": "GHSA-76q4-6gm8-m28c",
  "modified": "2022-05-13T01:03:59Z",
  "published": "2022-05-13T01:03:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5787"
    },
    {
      "type": "WEB",
      "url": "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91727"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76R9-Q8J4-X44W

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 18:30
VLAI
Details

Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.",
  "id": "GHSA-76r9-q8j4-x44w",
  "modified": "2023-02-01T18:30:31Z",
  "published": "2023-01-26T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41989"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0001.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-773V-8W82-H42V

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31548"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.",
  "id": "GHSA-773v-8w82-h42v",
  "modified": "2022-07-13T00:01:24Z",
  "published": "2022-05-24T17:48:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31548"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.wikimedia.org/r/q/Ifac795125927d584a31d95e1b4c4241eef860fa1"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T272333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.