CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-7FQC-P256-7PWJ
Vulnerability from github – Published: 2026-07-02 20:31 – Updated: 2026-07-02 20:31Summary
The JWT signing key cache in TokenKeyResolver uses kid as the sole cache key without namespacing by authority. In applications with multiple JwtBearer schemes pointing to different identity providers, a key fetched for one scheme can satisfy token validation for another. Additionally, cached keys have no expiration, so rotated or revoked keys remain trusted until the application process restarts.
Impact
In multi-scheme deployments, an attacker who controls one identity provider's signing key can forge tokens accepted by other schemes within the same application. For all applications using TokenKeyResolver, a signing key removed from the identity provider's JWKS endpoint remains trusted indefinitely.
Mitigations
If an immediate upgrade is not possible:
- In multi-scheme deployments, configure only one
JwtBearerscheme per application when different identity providers are required. - Restart the application process after an identity provider signing key rotation to clear stale cached keys.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Security.Authentication.JwtBearer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Security.Authentication.OpenIdConnect"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Security.Authentication.CloudFoundryBase"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50202"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T20:31:47Z",
"nvd_published_at": "2026-06-17T23:17:04Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nThe JWT signing key cache in `TokenKeyResolver` uses `kid` as the sole cache key without namespacing by authority. In applications with multiple `JwtBearer` schemes pointing to different identity providers, a key fetched for one scheme can satisfy token validation for another. Additionally, cached keys have no expiration, so rotated or revoked keys remain trusted until the application process restarts.\n\n### Impact\n\nIn multi-scheme deployments, an attacker who controls one identity provider\u0027s signing key can forge tokens accepted by other schemes within the same application. For all applications using `TokenKeyResolver`, a signing key removed from the identity provider\u0027s JWKS endpoint remains trusted indefinitely.\n\n### Mitigations\n\nIf an immediate upgrade is not possible:\n\n- In multi-scheme deployments, configure only one `JwtBearer` scheme per application when different identity providers are required.\n- Restart the application process after an identity provider signing key rotation to clear stale cached keys.",
"id": "GHSA-7fqc-p256-7pwj",
"modified": "2026-07-02T20:31:47Z",
"published": "2026-07-02T20:31:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-7fqc-p256-7pwj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50202"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/04db2ace3b806bfe0260bb7d4bda340f241eff48"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/17b27b8be546ae3f83a2f6e91d45e0c84c5314b7"
},
{
"type": "PACKAGE",
"url": "https://github.com/SteeltoeOSS/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Steeltoe\u0027s static JWKS cache shared across schemes and never invalidated"
}
GHSA-7H6W-3H2J-3P77
Vulnerability from github – Published: 2023-11-13 18:30 – Updated: 2023-11-13 18:30Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
{
"affected": [],
"aliases": [
"CVE-2023-42551"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T08:15:22Z",
"severity": "MODERATE"
},
"details": "Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.",
"id": "GHSA-7h6w-3h2j-3p77",
"modified": "2023-11-13T18:30:59Z",
"published": "2023-11-13T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42551"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7H78-RCQP-P8WH
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813.
{
"affected": [],
"aliases": [
"CVE-2018-1840"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-03T15:29:00Z",
"severity": "HIGH"
},
"details": "IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813.",
"id": "GHSA-7h78-rcqp-p8wh",
"modified": "2022-05-13T01:32:35Z",
"published": "2022-05-13T01:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1840"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150813"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10735767"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7H9M-CJQH-75C6
Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
{
"affected": [],
"aliases": [
"CVE-2022-30751"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T14:15:00Z",
"severity": "LOW"
},
"details": "Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.",
"id": "GHSA-7h9m-cjqh-75c6",
"modified": "2022-07-17T00:00:45Z",
"published": "2022-07-13T00:01:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30751"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7HHW-C2C3-VP77
Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-12 12:00Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
{
"affected": [],
"aliases": [
"CVE-2022-39865"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-07T15:15:00Z",
"severity": "HIGH"
},
"details": "Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.",
"id": "GHSA-7hhw-c2c3-vp77",
"modified": "2022-10-12T12:00:24Z",
"published": "2022-10-07T18:15:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39865"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7J5W-VXPG-45WV
Vulnerability from github – Published: 2022-10-12 12:00 – Updated: 2025-01-03 00:31Windows Graphics Component Information Disclosure Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-37985"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-11T19:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Graphics Component Information Disclosure Vulnerability.",
"id": "GHSA-7j5w-vxpg-45wv",
"modified": "2025-01-03T00:31:06Z",
"published": "2022-10-12T12:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37985"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37985"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37985"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7JRW-MP94-7V28
Vulnerability from github – Published: 2023-10-18 18:31 – Updated: 2025-01-09 21:31An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password.
{
"affected": [],
"aliases": [
"CVE-2023-45911"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-18T18:15:09Z",
"severity": "CRITICAL"
},
"details": "An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password.",
"id": "GHSA-7jrw-mp94-7v28",
"modified": "2025-01-09T21:31:26Z",
"published": "2023-10-18T18:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45911"
},
{
"type": "WEB",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45911"
},
{
"type": "WEB",
"url": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/auth_bypass.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JX6-VRRG-4872
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2017-8185"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-22T19:29:00Z",
"severity": "HIGH"
},
"details": "ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.",
"id": "GHSA-7jx6-vrrg-4872",
"modified": "2022-05-13T01:47:20Z",
"published": "2022-05-13T01:47:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8185"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7M98-WHF4-6699
Vulnerability from github – Published: 2021-12-15 00:01 – Updated: 2021-12-18 00:01A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.
{
"affected": [],
"aliases": [
"CVE-2021-44524"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T12:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.",
"id": "GHSA-7m98-whf4-6699",
"modified": "2021-12-18T00:01:57Z",
"published": "2021-12-15T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44524"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7MHC-76HF-3JP9
Vulnerability from github – Published: 2023-07-06 21:14 – Updated: 2023-07-06 23:33Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.inlong:manager-pojo"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.inlong:manager-dao"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.inlong:manager-service"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.inlong:manager-test"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.inlong:manager-web"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-31103"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-06T23:33:25Z",
"nvd_published_at": "2023-05-22T16:15:10Z",
"severity": "HIGH"
},
"details": "Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0 Attackers can change the immutable name and type of cluster of InLong.\u00a0Users are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.\n\n\n",
"id": "GHSA-7mhc-76hf-3jp9",
"modified": "2023-07-06T23:33:25Z",
"published": "2023-07-06T21:14:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31103"
},
{
"type": "WEB",
"url": "https://github.com/apache/inlong/pull/7891"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/inlong"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/bv51zhjookcnfbz8b0xsl9wv78sn0j1p"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache InLong Exposure of Resource to Wrong Sphere vulnerability"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.